AW: what is the localnet with netmask

Rolf Haynberg rolf.haynberg at
Thu Jun 20 13:07:23 UTC 2013

Sorry, I forgot to mention that the Servers were running "Windows Server 2008". Linux does not seem to be affected.

From: at [ at] On behalf of Rolf Haynberg
Sent: Thursday, 20 June 2013 14:57
To: bind-users at
Subject: what is the localnet with netmask

Hi Bind-Users and Devs,

We are running servers which have an IP netmask of and on which we had configured BIND to "allow-recursion { localnets; };". In this setting I would expect that only requests from the localhost allow recursion as there is no localnet.  However, BIND allows recursion globally, here - and we were running open resolvers.

Could this be a bug or is this the wanted behavior?

To the background of my question: Every Parallels Plesk installation brings a BIND with default config set to "allow-recursion { localnets; };". I would humbly assume that the above described behavior could be the reason for at least some open resolvers in the wild.

I'm happy to read your comments,

In article <Pine.NEB.3.96.1000408121723.56992A-100000 at>,
Lance Spitzner  <lspitz at> wrote:
>I am attempting to limit recursive requests
>to my internal network only.  However,
> allow-recursion { localnets; };
> Doesn't seem to be doing the trick.  What
> is the proper way of limiting recursive lookups
> to a specific system/network?

That's the way to do it.  What seems to be going wrong?

Barry Margolin, barmar at
Genuity, Burlington, MA
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
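
Added example, not part of the thread and not BIND code: a Python model of the documented meaning of "localnets" (every network on which the host has an interface), showing how the interface netmask alone decides which clients "allow-recursion { localnets; };" admits. The interface addresses, netmasks and the 16-bit threshold are constructed for illustration and are not the values from the post; the model does not reproduce the Windows Server 2008 behaviour reported above.

```python
import ipaddress

# Constructed sample data: (interface address, netmask) pairs using
# documentation address ranges. Not taken from the thread.
SAMPLE_INTERFACES = [
    ("192.0.2.10", "255.255.255.255"),   # host route: network is the host itself
    ("198.51.100.5", "255.255.255.0"),   # ordinary /24 LAN
    ("203.0.113.7", "0.0.0.0"),          # zero-length mask: network is 0.0.0.0/0
]

def localnets(interfaces):
    """Networks a 'localnets' ACL would cover for these interfaces."""
    return [ipaddress.ip_interface(f"{addr}/{mask}").network
            for addr, mask in interfaces]

def recursion_allowed(client, interfaces):
    """True if 'allow-recursion { localnets; };' would admit this client."""
    ip = ipaddress.ip_address(client)
    return any(ip in net for net in localnets(interfaces)
               if net.version == ip.version)

def overly_broad(interfaces, min_prefix=16):
    """Networks wider than min_prefix bits (hypothetical audit threshold).

    A hit means 'localnets' reaches far beyond a single site, so the
    resolver should use an explicit ACL of client prefixes instead.
    """
    return [net for net in localnets(interfaces) if net.prefixlen < min_prefix]

if __name__ == "__main__":
    outside = "203.0.113.99"  # constructed client address
    for iface in SAMPLE_INTERFACES:
        net = localnets([iface])[0]
        verdict = "ALLOWED" if recursion_allowed(outside, [iface]) else "refused"
        print(f"{iface[0]:<14} mask {iface[1]:<16} localnets={net!s:<18} "
              f"client {outside}: {verdict}")
    for net in overly_broad(SAMPLE_INTERFACES):
        print(f"WARNING: localnets includes {net}; list client networks explicitly")
```

Running the same check against a server's real interface list before relying on "localnets" shows whether the ACL is as narrow as expected.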