{"id":4,"date":"2005-09-10T20:47:09","date_gmt":"2005-09-10T18:47:09","guid":{"rendered":"http:\/\/www.sprawl.it\/ian\/?p=4"},"modified":"2007-10-10T21:29:26","modified_gmt":"2007-10-10T19:29:26","slug":"authoritative-not-really-recursive-dns-with-bind","status":"publish","type":"post","link":"https:\/\/www.sprawl.it\/blog\/2005\/09\/10\/authoritative-not-really-recursive-dns-with-bind\/","title":{"rendered":"Authoritative, not really Recursive, DNS with bind"},"content":{"rendered":"<p>Authoritative DNS servers <strong>should not<\/strong> allow recursion, but in some cases you want the server to be recursive for your (small) network, just in the case you can&#8217;t setup another one.<br \/>\nYou can do a better set up using <em>views<\/em>, but i was in a hurry and this configuration will be only time limited:<\/p>\n<p><strong>allow-recursion<\/strong> defines a <em>match list<\/em> e.g. IP address(es) which are allowed to issue recursive queries to the server. If the answer to the query <u><em>already exists<\/em><\/u><br \/>\nin the cache it will be returned irrespective of this statement. If not<br \/>\nspecified all hosts are allowed to make recursive queries. This<br \/>\nstatement may be used in a <em>view<\/em> or a global <em>options<\/em> clause.<\/p>\n<p>I found  <strong>this<\/strong> useful information <a href=\"http:\/\/www.zytrax.com\/books\/dns\/ch7\/queries.html\">here<\/a>.<\/p>\n<p>The <strong>useful information<\/strong> are the words <u><em>already exists<\/em><\/u> and i noticed that a simple reload sometime in not enough, so try a restart of the bind server when you change your  configuration.<br \/>\nThis is my named.conf that allows recursion to a limited number of clients (IP are not real):<br \/>\n<code>.<br \/>\n.<br \/>\nacl \"recursiveclient\" {<br \/>\n127.0.0.1;<br \/>\n191.121.7.0\/29;<br \/>\n};<br \/>\n.<br \/>\n.<br \/>\noptions {<br \/>\ndirectory \"\/var\/cache\/bind\";<br \/>\nauth-nxdomain no;    # conform to RFC1035<br \/>\nallow-transfer {<br \/>\n191.121.7.2;<br \/>\n193.205.245.66;<br \/>\n193.205.245.8;<br \/>\n};<br \/>\n\/\/recursion no;\t\t\/\/ you need this only if you don't want recursion at all<br \/>\n\/\/ and this is not our case<br \/>\nallow-recursion { recursiveclient; };  \/\/your lan can use bind as a recursive server<br \/>\n};<br \/>\n.<br \/>\n.<br \/>\n<\/code><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Authoritative DNS servers should not allow recursion, but in some cases you want the server to be recursive for your (small) network, just in the case you can&#8217;t setup another one. You can do a better set up using views, but i was in a hurry and this configuration will be only time limited: allow-recursion [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[2],"tags":[84,33],"class_list":["post-4","post","type-post","status-publish","format-standard","hentry","category-it","tag-dns","tag-internet"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p7cMxL-4","jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/www.sprawl.it\/blog\/wp-json\/wp\/v2\/posts\/4","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.sprawl.it\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.sprawl.it\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.sprawl.it\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.sprawl.it\/blog\/wp-json\/wp\/v2\/comments?post=4"}],"version-history":[{"count":0,"href":"https:\/\/www.sprawl.it\/blog\/wp-json\/wp\/v2\/posts\/4\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.sprawl.it\/blog\/wp-json\/wp\/v2\/media?parent=4"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.sprawl.it\/blog\/wp-json\/wp\/v2\/categories?post=4"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.sprawl.it\/blog\/wp-json\/wp\/v2\/tags?post=4"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}