Hi Bind-Users and Devs,

We are running servers which have an IP netmask of 255.255.255.255 and on which we had configured BIND to "allow-recursion { localnets; };". In this setting I would expect that only requests from the localhost allow recursion, as there is no localnet. However, BIND allows recursion globally here, and we were running open resolvers.

Could this be a bug or is this the wanted behavior?

As background to my question: Every Parallels Plesk installation brings a BIND with default config set to "allow-recursion { localnets; };". I would humbly assume that the above-described behavior could be the reason for at least some open resolvers in the wild.

I'm happy to read your comments,
Rolf

In article <Pine.NEB.3.96.1000408121723.56992A-100000 at shell-1.enteract.com>, Lance Spitzner <lspitz at enteract.com> wrote:
>I am attempting to limit recursive requests
>to my internal network only. However,
>
>   allow-recursion { localnets; };
>
>Doesn't seem to be doing the trick. What
>is the proper way of limiting recursive lookups
>to a specific system/network?

That's the way to do it. What seems to be going wrong?

--
Barry Margolin, barmar at genuity.net
Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
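One way to check, from a host outside the server's own network, whether a server configured with "allow-recursion { localnets; };" actually offers recursion. This is an added example, not part of the original thread. It looks only at the RA flag and RCODE in the reply header; the function names and sample packets are made up for illustration, and the probe is IPv4/UDP only.

```python
import socket
import struct
import sys

QR, RD, RA = 0x8000, 0x0100, 0x0080   # header flag bits (RFC 1035)
REFUSED = 5                            # RCODE 5

def build_query(name, qid=0x1234):
    """Build an A/IN query with RD (recursion desired) set."""
    header = struct.pack("!6H", qid, RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_response(packet):
    """Classify a reply from its header alone: RCODE first, then the RA flag."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    _qid, flags = struct.unpack("!HH", packet[:4])
    if not flags & QR:
        raise ValueError("not a response")
    if flags & 0x000F == REFUSED:
        return "refused"
    if flags & RA:                     # server says recursion is available to us
        return "recursion-offered"
    return "no-recursion"              # e.g. a referral or an authoritative-only answer

def probe(server, name, timeout=3.0):
    """Send one UDP query to your own server and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        reply, _ = s.recvfrom(4096)
    return classify_response(reply)

# Constructed 12-byte headers (not captured traffic), for offline checking.
SAMPLE_OPEN = bytes.fromhex("123481800001000100000000")      # QR RD RA, NOERROR, 1 answer
SAMPLE_REFUSED = bytes.fromhex("123481050001000000000000")   # QR RD, REFUSED
SAMPLE_REFERRAL = bytes.fromhex("1234810000010000000d0000")  # QR RD, no RA, 13 NS records

if __name__ == "__main__":
    # Usage: python3 check_recursion.py <your-server-ip> <name it is not authoritative for>
    print(probe(sys.argv[1], sys.argv[2]))
```

Run it from an address that should not be allowed to recurse; "recursion-offered" for a name the server is not authoritative for means the ACL is not restricting clients as intended.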