Barry Margolin writes:

> Do you have recursion enabled on your server?

A good question. I have never explicitly disabled it and it appears to be on. We have an allow-query list based on ACLs so that callers from inside our networks get both recursive and nonrecursive lookups. Spammer1.somewhereelse.com looking up poorsucker.hooville.org gets nothing but can still spam us since all our zones allow anyone to do lookups against their zone data.

The problem is that lookups to this private zone are still coming from the networks that should allow full functionality. The config for this private zone is:

    zone "r.ds" {
            type master;
            file "/etc/namedb/master/r.ds.zone";
            allow-update { key updsrv; };
            allow-query { any; };
            #a list of slaves
            include "/etc/zoneconfigs/stwnotify";
            notify yes;
    };

In the global named.conf file, I do not set any directives regarding recursion. The characters "recur" do not even appear in the file so I always assumed recursion was turned on. Status checks on a busy day usually show 50 to 100 recursive clients active at any given time but I think you may have possibly hit on what is biting me.

Martin

_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users