[CentOS] Bind Recursion and Sendmail

John Hinton webmaster at ew3d.com
Sun Mar 26 02:46:10 UTC 2006


Aleksandar Milivojevic wrote:
>
> Question for OP, what's the content of /etc/resolv.conf?  Do you have 
> "nameserver 127.0.0.1" in there by any chance?  That would explain why 
> it hasn't worked, since 127.0.0.1 was not on the list of hosts allowed 
> to do recursive lookups.
>
Ahh yes... I have resolv.conf set to nameserver 127.0.0.1 and its own 
IP, and also have included secondary and tertiary nameserver entries... 
my three nameservers.

So, at this point I'm planning to use


allow-recursion { localhost; 127.0.0.1; <ip of local class C>; <ip of 
1st remote nameserver>; <ip of second remote nameserver>; };

in the options section of named.conf. Will do this later tonight.. in 
the morning.. and see if mail continues to flow. Unless someone can come 
up with a really good reason for not doing this.

Apparently, there is the potential for someone on no more than a dialup, 
to completely fill as much as a T-1 with DNS requests if recursion is 
left on. This really is about equal to a bug.. although it clearly is 
not... but for sure should be considered a security issue. For others 
coming into the middle of this... this would be for registered 
nameservers only as I understand it.

Best,
John Hinton
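A named.conf fragment that applies the allow-recursion restriction John is planning, with the open configuration shown beside it for contrast. This is an added example, not the configuration from the thread; the ACL name and every address in it are constructed placeholders to be replaced with the real ones.

```conf
// Added example, not John's own named.conf. All addresses are
// constructed placeholders; substitute your own.

// Named ACL for the hosts allowed to use this server as a resolver:
// the box itself, its local /24, and the two remote nameservers that
// forward lookups here. ACLs must be defined before they are referenced.
acl "recursion-allowed" {
    localhost;            // built-in ACL: every address of this host
    127.0.0.1;
    192.0.2.0/24;         // placeholder for the local class C network
    198.51.100.53;        // placeholder: first remote nameserver
    203.0.113.53;         // placeholder: second remote nameserver
};

options {
    directory "/var/named";

    // Open resolver (the situation the thread warns about): recursion
    // is on and nothing limits who may ask for it, so any host on the
    // Internet can use this server to resolve arbitrary names.
    //
    //     recursion yes;
    //     // no allow-recursion statement at all

    // Restricted: authoritative answers stay available to everyone,
    // recursive lookups only for the hosts in the ACL above.
    recursion yes;
    allow-recursion { recursion-allowed; };
    allow-query     { any; };
};
```

Run `named-checkconf` before reloading so a typo in the ACL does not take the server down, then confirm the change from a host that is not in the ACL: a query for a name the server is not authoritative for should come back REFUSED, and the `ra` (recursion available) flag should be absent from the header. BIND 9.4 and later already default allow-recursion to localhost and localnets; the BIND 9.2/9.3 builds of that era default to any, which is why the explicit statement matters on those versions.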


