DNS Recursion
Kenneth E. Lussier
klussier at comcast.net
Wed Sep 14 11:37:00 EDT 2005
Hi All,
I'm using BIND8 (8.4.6) as an external name server. I want to also use
it as the name server for my external boxes. However, I can't seem to
get recursion to work correctly.
If I use `allow-recursion { none; };` then DNS lookups for my local zones
work fine, but the external boxes can't use it to look up other
domains.
If I use `allow-recursion { any; };` then anyone can use it as a DNS
server.
I tried `allow-recursion { x.x.x.x; };` (x.x.x.x = external NAT IP
address), but the query was denied with:
named[2692]: denied recursion for query from [x.x.x.x].24684 for
www.google.com IN
I have also tried setting up `acl external {};` with the IP addresses of
the external hosts and using `allow-recursion { external; };`. This is
also denied.
Is recursion an all or nothing option? I thought that it could take acl
options. Any thoughts?
Thanks,
Kenny
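
An added diagnostic sketch, not part of the original message: it reads "denied recursion" lines in the format quoted above and reports which refused source addresses fall inside an address list and which do not. The sample addresses, hostnames, syslog prefix and the names `classify`, `SAMPLE_ACL` and `SAMPLE_LOG` are constructed for illustration.

```python
import ipaddress
import re

# Pattern follows the log line quoted in the post:
#   named[2692]: denied recursion for query from [x.x.x.x].24684 for www.google.com IN
DENIED = re.compile(
    r"named\[\d+\]: denied recursion for query from "
    r"\[(?P<src>[0-9a-fA-F.:]+)\]\.(?P<port>\d+) for (?P<qname>\S+)"
)


def parse_denials(lines):
    """Yield (source address, query name) for each denied-recursion line."""
    for line in lines:
        m = DENIED.search(line)
        if m:
            yield ipaddress.ip_address(m.group("src")), m.group("qname")


def classify(lines, acl):
    """Group denied sources by whether the address list covers them."""
    nets = [ipaddress.ip_network(entry, strict=False) for entry in acl]
    covered, uncovered = {}, {}
    for src, qname in parse_denials(lines):
        bucket = covered if any(src in net for net in nets) else uncovered
        bucket.setdefault(str(src), []).append(qname)
    return covered, uncovered


# Constructed sample data (documentation address ranges, not from the post).
SAMPLE_ACL = ["192.0.2.10", "198.51.100.0/28"]
SAMPLE_LOG = [
    "Sep 14 11:30:01 ns1 named[2692]: denied recursion for query from "
    "[192.0.2.10].24684 for www.google.com IN",
    "Sep 14 11:30:05 ns1 named[2692]: denied recursion for query from "
    "[203.0.113.7].1042 for www.example.org IN",
    "Sep 14 11:30:09 ns1 named[2692]: denied recursion for query from "
    "[198.51.100.5].3301 for www.example.net IN",
    "Sep 14 11:30:12 ns1 named[2692]: starting",  # unrelated line, ignored
]

if __name__ == "__main__":
    covered, uncovered = classify(SAMPLE_LOG, SAMPLE_ACL)
    print("denied although listed:", covered)
    print("denied and not listed: ", uncovered)
```

A source in the first group was refused even though the list names it, so the mismatch lies somewhere other than the addresses themselves; a source in the second group is simply not in the list.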
More information about the gnhlug-discuss mailing list