
RE: [cobalt-users] bind and recursion



On Wed, 13 Nov 2002, Michael Aronoff wrote:

> > Gerald wrote:
> > To fix bind for your nameservers using allow-recursion be careful not to use
> > allow-recursion no
> > or
> > allow-recursion { none; };
> > use
> > allow-recursion { ip.ad.re.ss1; ip.ad.re.ss2; };
>
> > Sendmail and DNS are two services that need to use recursive lookups.
> > So the IP address of the server at least should be allowed recursion.
>
> Would someone mind being a little more specific for us less
> knowledgeable here.
>
> I run a Raq4 as primary DNS and a Qube2 as a secondary DNS server.
>
> Which file should I change and how?  Should I allow recursion between
> the two machines only or also allow between me and my ISP's?  Also I did
> a search and I see that I can allow recursion for a netmask
> (192.168.0.0/26); is this a good idea?
>

/etc/named.conf
But if you make GUI changes it will get clobbered.
We don't use the GUI, so it's OK here!
On the Qube2 (we use 8.3.3), but if you are still using the 4.9.x,
the file is [IIRC] /etc/named.boot

Yes, it's OK to allow recursion for a network as long as all those
IP addresses are yours. It would be good to have some anti-spoofing rules on
the firewall.

As a minimum, the servers running sendmail and DNS need to be allowed to do
recursive lookups.


Gerald
--
http://frontstreetnetworks.com | http://raqware.com
Front Street Networks LLC  | Phone: +1 203-785-0699
229 Front Street, Ste. C, New Haven, CT. 06513-3203
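
An added example, not part of Gerald's message or of the Cobalt software: a small Python check that reads the `allow-recursion` statement from named.conf text and reports the problems discussed in this thread. The function name, the sample configs and the 192.0.2.x addresses are constructed for illustration; ACL names other than BIND's built-in `localhost`/`localnets`, and negated entries, are reported but not evaluated.

```python
import ipaddress
import re

BUILTIN_SELF = {"localhost", "localnets"}  # BIND built-in ACLs that include the server itself

def audit_allow_recursion(conf_text, server_ips):
    """Return a list of findings for the allow-recursion statement in named.conf text."""
    text = re.sub(r"/\*.*?\*/", "", conf_text, flags=re.S)  # strip /* ... */ comments
    text = re.sub(r"(#|//).*", "", text)                     # strip # and // comments
    m = re.search(r"\ballow-recursion\s*([^;{]*)(\{([^}]*)\})?\s*;", text)
    if not m:
        return ["no allow-recursion statement found"]
    if m.group(2) is None:  # e.g. "allow-recursion no;"
        return [f"'{m.group(1).strip()}' is not an address match list; use {{ address; ... }}"]
    items = [t.strip() for t in m.group(3).split(";") if t.strip()]
    findings, nets, covers_self = [], [], False
    for item in items:
        if item == "none":
            findings.append("'none' denies recursion to every client, including this server")
        elif item == "any":
            findings.append("'any' lets every client recurse through this server")
            covers_self = True
        elif item in BUILTIN_SELF:
            covers_self = True
        else:
            try:
                nets.append(ipaddress.ip_network(item, strict=False))
            except ValueError:
                findings.append(f"'{item}' not evaluated (ACL name or negated entry)")
    for net in nets:  # a whole network is fine only if every address in it is yours
        if net.num_addresses > 1:
            findings.append(f"{net} allows {net.num_addresses} addresses; confirm all are yours")
    for ip in server_ips:  # the hosts running sendmail and DNS must be able to recurse
        addr = ipaddress.ip_address(ip)
        if not covers_self and not any(addr in n for n in nets):
            findings.append(f"server address {ip} is not allowed recursion")
    return findings

# Constructed sample data; 192.0.2.10 is a documentation address standing in for the server.
SERVER_IPS = ["127.0.0.1", "192.0.2.10"]
SAMPLE_BAD = """options {
    allow-recursion { none; };  // also blocks the server's own lookups
};"""
SAMPLE_GOOD = """options {
    allow-recursion { 127.0.0.1; 192.0.2.10; 192.168.0.0/26; };
};"""

if __name__ == "__main__":
    for name, conf in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        print(name, audit_allow_recursion(conf, SERVER_IPS))
```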