DNS Recursion
Bill McGonigle
bill at bfccomputing.com
Wed Sep 14 16:34:01 EDT 2005
On Sep 14, 2005, at 11:34, Kenneth E. Lussier wrote:

> I tried `allow-recursion { x.x.x.x; };` (x.x.x.x = external NAT IP
> address), but the query was denied with:
> named[2692]: denied recursion for query from [x.x.x.x].24684 for
> www.google.com IN

I'd expect the source of the UDP packet to be the originating host, not
the IP of the NAT, unless you're doing port forwarding. Maybe I don't
understand the network setup fully - can you diagram with whatever
level of obfuscation is required?

> I have also tried setting up acl external {}; with the ip addresses of
> the external hosts and using `allow-recursion { external; };`. This is
> also denied.

That's supposed to work.

-Bill
-----
Bill McGonigle, Owner Work: 603.448.4440
BFC Computing, LLC Home: 603.448.1668
bill at bfccomputing.com Mobile: 603.252.2606
http://www.bfccomputing.com/ Pager: 603.442.1833
Jabber: flowerpt at gmail.com Text: bill+text at bfccomputing.com
RSS: http://blog.bfccomputing.com/rss
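
Added example, not part of the original message: one way to settle which source address named is actually seeing is to pull it out of the "denied recursion" log lines and compare it with the entries placed in the ACL. The log lines, the syslog prefix, the ACL entries and the function names below are constructed for illustration; only the message format after "named[...]" is taken from the line quoted in the thread.

```python
import ipaddress
import re

# Message format as quoted in the thread:
#   named[2692]: denied recursion for query from [x.x.x.x].24684 for www.google.com IN
DENIED = re.compile(
    r"named\[\d+\]: denied recursion for query from "
    r"\[(?P<src>[0-9a-fA-F:.]+)\]\.(?P<port>\d+) for (?P<qname>\S+)"
)

# Constructed sample input (documentation address ranges, assumed syslog prefix).
SAMPLE_LOG = [
    "Sep 14 11:20:01 ns1 named[2692]: denied recursion for query from "
    "[198.51.100.7].24684 for www.google.com IN",
    "Sep 14 11:20:05 ns1 named[2692]: denied recursion for query from "
    "[192.0.2.10].1045 for www.example.org IN",
    "Sep 14 11:20:09 ns1 sshd[311]: unrelated line (constructed)",
]
# Constructed stand-in for the contents of `acl external { ... };`
SAMPLE_ACL = ["192.0.2.10", "203.0.113.0/24"]


def denied_sources(log_lines):
    """Return {source address: [queried names]} for each denied-recursion line."""
    seen = {}
    for line in log_lines:
        m = DENIED.search(line)
        if not m:
            continue
        try:
            src = ipaddress.ip_address(m.group("src"))
        except ValueError:
            continue  # mangled or redacted address, nothing to compare
        seen.setdefault(src, []).append(m.group("qname"))
    return seen


def explain(log_lines, acl):
    """Mark each denied source as 'listed' or 'not listed' in the ACL entries."""
    nets = [ipaddress.ip_network(entry, strict=False) for entry in acl]
    report = {}
    for src in denied_sources(log_lines):
        matched = any(src in net for net in nets)
        report[str(src)] = "listed" if matched else "not listed"
    return report


if __name__ == "__main__":
    for addr, status in explain(SAMPLE_LOG, SAMPLE_ACL).items():
        print(f"{addr}: {status}")
```

A "not listed" source means the ACL was written for a different address than the one named sees on the packet; a "listed" source that is still denied means the configuration file being read is not the one the running named has loaded.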