
Restricting Recursive Lookups with BIND 8/9
Topic:Name Resolution   Date: 2003-03-16


When you allow recursive lookups, you open yourself up to various security risks and performance issues, so you should only allow recursion when needed. Recursive lookups are lookups for domains you are not authoritative for. That is, if you are authoritative for, and you don't allow recursion, then if somebody queries your server for, they will just get a host not found error. To turn off recursion altogether, use this option in named.conf:

options {
    directory "/var/named";
    recursion no;
};

We left in the directory option, which you probably have set the same, anyway. Now, say you want to allow recursion for certain hosts. You could do this:

acl recurseallow {;;; };
options {
    directory "/var/named";
    allow-recursion { recurseallow; };
};

This would only allow hosts with source IP addresses of,, or query about domains the server is not authoritative for. You can also specify entire subnets using / notation. For further information, check out our Name Resolution section.
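
As an added example (not from the original article), the following Python checker reads a named.conf in the flat form shown above and reports whether a given client address would be allowed recursion, including subnets in / notation. The sample addresses are constructed from RFC 5737 documentation ranges, and the function names are this example's own.

```python
import ipaddress
import re

# Constructed sample: addresses are RFC 5737 documentation ranges, not the article's.
SAMPLE_CONF = """
acl recurseallow { 192.0.2.10; 192.0.2.11; 198.51.100.0/24; };
options {
    directory "/var/named";
    allow-recursion { recurseallow; };   // recursion only for the ACL above
};
"""

def _elements(body):
    """Split the inside of { ... } into its ';'-separated elements."""
    return [e.strip().strip('"') for e in body.split(";") if e.strip()]

def parse(conf):
    """Return (acls, recursion_off, allow_recursion_list_or_None)."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)   # /* block */ comments
    conf = re.sub(r"(//|#).*", "", conf)                 # // and # line comments
    acls = {m.group(1): _elements(m.group(2))
            for m in re.finditer(r'\bacl\s+"?([\w.-]+)"?\s*\{([^{}]*)\}', conf)}
    recursion_off = re.search(r"(?<![\w-])recursion\s+no\s*;", conf) is not None
    m = re.search(r"\ballow-recursion\s*\{([^{}]*)\}", conf)
    return acls, recursion_off, (_elements(m.group(1)) if m else None)

def _matches(element, ip, acls, seen=()):
    """True if ip matches an address, a CIDR prefix, or a named ACL."""
    if element in ("any", "none"):
        return element == "any"
    if element in acls:
        if element in seen:                              # guard against ACL loops
            return False
        return any(_matches(e, ip, acls, seen + (element,)) for e in acls[element])
    try:
        return ip in ipaddress.ip_network(element, strict=False)
    except ValueError:
        # Negation (!), keys and localhost/localnets are not handled here: fail loudly.
        raise ValueError(f"unsupported ACL element: {element!r}")

def recursion_allowed(conf, client):
    """True/False per the config; None if this file does not restrict recursion."""
    acls, recursion_off, allow = parse(conf)
    if recursion_off:
        return False
    if allow is None:
        return None            # effective default depends on the BIND version
    ip = ipaddress.ip_address(client)
    return any(_matches(e, ip, acls) for e in allow)
```

A `None` result means the file neither disables recursion nor lists `allow-recursion`, so the server falls back to its version's default and should be checked against that.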

