[question] new bind option "max-recursion-depth"

Techs_Maru tecabu at gmail.com
Tue Dec 16 02:13:17 UTC 2014


Hi, Bind-user folks,

I have a question about the new BIND option "max-recursion-depth"
for vulnerability CVE-2014-8500.
I do not know what this option means.

I read the ARM documents.
The BIND version I used is 9.9.6-P1.
------------------------------

max-recursion-depth Sets the maximum number of levels of recursion
that are permitted at any one time while servicing a recursive query.
Resolving a name may require looking up a name server address, which
in turn requires resolving another name, etc; if the number of
indirections exceeds this value, the recursive query is terminated and
returns SERVFAIL. The default is 7.

max-recursion-queries Sets the maximum number of iterative queries
that may be sent while servicing a recursive query. If more queries
are sent, the recursive query is terminated and returns SERVFAIL.
The default is 50.

------------------------------

The meaning of "max-recursion-queries" is probably the maximum number
of iterative query attempts from cache servers.
Also, for this configuration option I could confirm on test servers
that the result is "Servfail".

But as for "max-recursion-depth",
I tried it, but it did not become a Servfail.
The document describes "indirections"; does that mean the cases where
the authoritative server does not directly return the IP address,
such as NS and CNAME?
Is the default of 7 the number of times that these are followed?

Please tell me; I think it is my lack of knowledge.
I would also like to know if anyone has a recommended value for this setting.

regards.
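
An added illustration, not part of the original message and not BIND's resolver code: a toy Python model of the two limits as the quoted ARM text describes them, showing that a deep chain of name-server address lookups trips max-recursion-depth while a wide, shallow one trips max-recursion-queries. All names, addresses and delegation data are constructed, and counting only name-server address lookups as indirections is an assumption of the model.

```python
# Simplified model of the two limits quoted from the ARM; not BIND's resolver code.
class ServFail(Exception):
    """Raised when a limit is exceeded; the message names the limit."""

class Resolver:
    def __init__(self, served_by, known, max_depth=7, max_queries=50):
        self.served_by = served_by    # name -> name servers of its zone (constructed)
        self.known = dict(known)      # name server -> address already known (glue/hints)
        self.max_depth, self.max_queries = max_depth, max_queries  # ARM defaults
        self.queries = 0              # iterative queries sent for this client query
        self.deepest = 0              # deepest level of indirection reached

    def resolve(self, name, depth=0):
        if depth > self.max_depth:    # "number of indirections exceeds this value"
            raise ServFail("max-recursion-depth")
        self.deepest = max(self.deepest, depth)
        for ns in self.served_by[name]:
            if ns not in self.known:  # no address yet: one more level of indirection
                self.known[ns] = self.resolve(ns, depth + 1)
        self.queries += 1             # one iterative query to an authoritative server
        if self.queries > self.max_queries:
            raise ServFail("max-recursion-queries")
        return "192.0.2.1"            # constructed answer (documentation address)

def chain(levels):
    """Constructed data: n0 needs n1's address, n1 needs n2's, and so on."""
    served_by = {f"n{i}": [f"n{i + 1}"] for i in range(levels)}
    served_by[f"n{levels}"] = ["root-ns"]
    return served_by

def wide(count):
    """Constructed data: one zone with `count` glueless name servers, one level deep."""
    served_by = {f"ns{i}": ["root-ns"] for i in range(count)}
    served_by["www"] = [f"ns{i}" for i in range(count)]
    return served_by

def outcome(served_by, start):
    """Return (status, deepest level reached, iterative queries sent)."""
    r = Resolver(served_by, {"root-ns": "192.0.2.53"})
    try:
        r.resolve(start)
        status = "NOERROR"
    except ServFail as e:
        status = f"SERVFAIL ({e})"
    return status, r.deepest, r.queries

if __name__ == "__main__":
    for label, data, start in [("chain of 7", chain(7), "n0"),
                               ("chain of 8", chain(8), "n0"),
                               ("60 glueless NS", wide(60), "www")]:
        print(label, outcome(data, start))
```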

