Authoritative, not really Recursive, DNS with bind

Authoritative DNS servers should not allow recursion, but in some cases you want the server to be recursive for your (small) network, just in case you can't set up another one.
You can do a better setup using views, but I was in a hurry and this configuration will only be temporary:

allow-recursion defines a match list e.g. IP address(es) which are allowed to issue recursive queries to the server. If the answer to the query already exists in the cache it will be returned irrespective of this statement. If not specified all hosts are allowed to make recursive queries. This statement may be used in a view or a global options clause.

I found this useful information here.

The important words are "already exists": I noticed that a simple reload is sometimes not enough, so restart the bind server when you change your configuration.
This is my named.conf that allows recursion to a limited number of clients (IPs are not real):
...
acl "recursiveclient" {
    127.0.0.1;
    191.121.7.0/29;
};
...
options {
    directory "/var/cache/bind";
    auth-nxdomain no;    # conform to RFC1035
    allow-transfer {
        191.121.7.2;
        193.205.245.66;
        193.205.245.8;
    };
    //recursion no;    // you need this only if you don't want recursion at all,
                       // and this is not our case
    allow-recursion { recursiveclient; };    // your LAN can use bind as a recursive server
};
...
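The views-based setup mentioned at the top, as an added example that is not the post's own configuration: the ACL and the transfer peers are the ones from the post, while the zone name, the zone file and the root hints path are assumptions.

```conf
// Same ACL as in the post: only these clients get recursion.
acl "recursiveclient" {
    127.0.0.1;
    191.121.7.0/29;
};

options {
    directory "/var/cache/bind";
    auth-nxdomain no;    # conform to RFC1035
    allow-transfer {
        191.121.7.2;
        193.205.245.66;
        193.205.245.8;
    };
};

// Clients matching the ACL see a recursive resolver plus the authoritative zones.
view "internal" {
    match-clients { recursiveclient; };
    recursion yes;
    allow-recursion { recursiveclient; };
    allow-query-cache { recursiveclient; };    // cached answers stay inside the LAN too

    // Root hints are needed for recursion (path is Debian's: an assumption, adjust for your system).
    zone "." {
        type hint;
        file "/usr/share/dns/root.hints";
    };

    // Once views are used, every zone must live inside a view (zone name and file are assumptions).
    zone "example.net" {
        type master;
        file "/etc/bind/db.example.net";
    };
};

// Everyone else gets an authoritative-only server: no recursion, no access to the cache.
view "external" {
    match-clients { any; };
    recursion no;
    allow-query-cache { none; };

    zone "example.net" {
        type master;
        file "/etc/bind/db.example.net";
    };
};
```

Check the file with named-checkconf before restarting, then from a host outside the ACL confirm with dig that the flags line no longer shows "ra" and that a query for a name you are not authoritative for is REFUSED.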

