[CentOS] Bind Recursion and Sendmail

John Hinton webmaster at ew3d.com
Sun Mar 26 02:46:10 UTC 2006

Aleksandar Milivojevic wrote:
> Question for OP, what's the content of /etc/resolv.conf?  Do you have 
> "nameserver" in there by any chance?  That would explain why 
> it hasn't worked, since was not on the list of hosts allowed 
> to do recursive lookups.
Ahh yes... I have resolv.conf set to nameserver and its own 
IP, and also have included secondary and tertiary nameserver entries... 
my three nameservers.

So, at this point I'm planning to use

allow-recursion { localhost;; <ip of local class C>; <ip of 
1st remote nameserver>; <ip of second remote nameserver>; };

in the options section of named.conf. Will do this later tonight.. in 
the morning.. and see if mail continues to flow. Unless someone can come 
up with a really good reason for not doing this.

Apparently, there is the potential for someone on no more than a dialup, 
to completely fill as much as a T-1 with DNS requests if recursion is 
left on. This really is about equal to a bug.. although it clearly is 
not... but for sure should be considered a security issue. For others 
coming into the middle of this... this would be for registered 
nameservers only as I understand it.

John Hinton
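
The restriction discussed in this message, written out as a named.conf fragment. This is an added example, not part of the original post or anyone's actual configuration: the ACL name "trusted", the directory path and every address are assumptions, with the addresses constructed from documentation ranges as stand-ins for the placeholders in the post.

```conf
// Constructed example: limit recursive lookups to known clients.
// All addresses below are documentation-range placeholders.

acl "trusted" {
    localhost;        // built-in ACL: every address configured on this server
    127.0.0.1;        // loopback, listed explicitly for clarity
    192.0.2.0/24;     // placeholder for the local class C
    198.51.100.53;    // placeholder for the first remote nameserver
    203.0.113.53;     // placeholder for the second remote nameserver
};

options {
    directory "/var/named";   // assumed path

    // Only clients matching "trusted" get recursive answers.
    // Everyone else can still query the zones this server is
    // authoritative for, so registered nameservers keep working.
    allow-recursion { "trusted"; };
};
```

Run `named-checkconf` before reloading to catch syntax errors such as an empty list element. To confirm the restriction took effect, query a name the server is not authoritative for from a host outside the ACL with `dig @<server address> example.com A`: the header flags should no longer include `ra`, and dig prints a "recursion requested but not available" warning.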

