NetAdminTools.com
 

Restricting Recursive Lookups with BIND 8/9
Topic:Name Resolution   Date: 2003-03-16

Subject

When you allow recursive lookups, you open yourself up to various security risks and performance issues, so you should only allow recursion when needed. Recursive lookups are lookups for domains you are not authoritative for. That is, if you are authoritative for mycompany.com and you don't allow recursion, then anybody who queries your server for anotherdomain.com will just get a host not found error. To turn off recursion altogether, use this option in named.conf:

options {
    directory "/var/named";
    recursion no;
};

We left in the directory option, which you probably already have set to the same value. Now, say you want to allow recursion for certain hosts. You could do this:

acl recurseallow { 6.4.2.4; 2.4.2.1; 1.2.1.2; };
options {
    directory "/var/named";
    allow-recursion { recurseallow; };
};

This would only allow hosts with source IP addresses of 6.4.2.4, 2.4.2.1, or 1.2.1.2 to query for domains the server is not authoritative for. You can also specify entire subnets using / notation. For further information, check out our Name Resolution section.
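
To confirm the setting from a client's side, the added example below (not part of the original article) parses dig output and reports whether the server offered recursion. The function name, the sample outputs, and the address 192.0.2.53 in the usage note are assumptions made for illustration; it also assumes the server clears the "ra" flag for clients it will not recurse for.

```shell
#!/bin/sh
# Added example (not from the original article): read `dig` output on stdin and
# report whether the server offered recursion to this client. The signal is the
# "ra" (recursion available) flag; a server that declines may answer REFUSED or
# with a referral, and in both cases "ra" is absent.
recursion_state() {
    awk '
        /^;; ->>HEADER<<-/ {            # "... status: REFUSED, id: 4712"
            status = $0
            sub(/.*status: /, "", status)
            sub(/,.*/, "", status)
        }
        /^;; flags:/ {                  # ";; flags: qr rd ra; QUERY: 1, ..."
            seen = 1
            flags = $0
            sub(/^;; flags:/, "", flags)
            sub(/;.*/, "", flags)       # keep only the flag words
            n = split(flags, f, " ")
            for (i = 1; i <= n; i++) if (f[i] == "ra") ra = 1
        }
        END {
            if (!seen) { print "unknown"; exit }
            state = ra ? "open" : "closed"
            print state, status
        }
    '
}

# Constructed sample outputs, trimmed to the header lines dig prints.
sample_allowed() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4711
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
EOF
}
sample_refused() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4712
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
EOF
}
sample_referral() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4713
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0
EOF
}

for s in sample_allowed sample_refused sample_referral; do
    printf '%s: %s\n' "$s" "$($s | recursion_state)"
done
```

With the function loaded, run dig @192.0.2.53 anotherdomain.com A | recursion_state from a host outside the recurseallow ACL (192.0.2.53 stands in for your server's address); the result should start with "closed", and "open" from such a host means the restriction is not in effect.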

