bind-users Digest, Vol 2083, Issue 1

Reindl Harald h.reindl at
Sun Apr 5 16:07:59 UTC 2015

Am 05.04.2015 um 17:52 schrieb STEPHEN EYRE:
> The aim is to make it authoritive as well as hosting my web sites

but a authoritive nameserver don't need nor should it do recursion for 
foreign zones, it only should respond for the zones he is authoritative 
for and so the behavior is correctly, make sure it answers for your 
zones and the point your domains to your nameservers (at least TWO) and 
you are done

> Message: 1
> Date: Sun, 05 Apr 2015 09:32:36 +0100
> From: Stephen Eyre <sceyre at <javascript:return>>
> To: bind-users at <javascript:return>
> Subject: Dig, open servers and A records
> Message-ID: <5520F324.7050709 at <javascript:return>>
> Content-Type: text/plain; charset=utf-8; format=flowed
> Dear All
> The good news is that I have my server running. The not so good news is
> that there are a few problems which could be interconnected.
> My server is called and its ip address is
> Going on to I find that returns suitable
> entries under the NS and SOA section. There are nothing but red crosses
> under A records section - I was expecting my ip address.
> Then when I dig a domain name like I get suitable replies
> but when I dig an ip address like the request gets the reply
> Further enquiries show that I dont have an open recursive site when the
> errors above still apply.
> When I change my /etc/bind/named.conf.local file from 'recursion no;' to
> 'recursion yes;' I get an inverse of the above. I get full replies from
> all my dig enquiries but I get an open recursive warning - which I
> obviously dont want.
> replies remain the same.
> So todays question is - what do I need to do to keep my server closed,
> get proper dig replies and get my A records showing up on
> Or is everything working well and its not necessary to have dig
> providing proper replies?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the bind-users mailing list