[CentOS] Bind Recursion and Sendmail
John Hinton
webmaster at ew3d.com
Sun Mar 26 02:46:10 UTC 2006
Aleksandar Milivojevic wrote:
>
> Question for OP, what's the content of /etc/resolv.conf? Do you have
> "nameserver 127.0.0.1" in there by any chance? That would explain why
> it hasn't worked, since 127.0.0.1 was not on the list of hosts allowed
> to do recursive lookups.
>
Ahh yes... I have resolv.conf set to nameserver 127.0.0.1 and its own
IP, and also have included secondary and tertiary nameserver entries...
my three nameservers.
So, at this point I'm planning to use

    allow-recursion { localhost; 127.0.0.1; <ip of local class C>;
        <ip of 1st remote nameserver>; <ip of second remote nameserver>; };

in the options section of named.conf. Will do this later tonight.. in
the morning.. and see if mail continues to flow. Unless someone can come
up with a really good reason for not doing this.
Apparently, there is the potential for someone on no more than a dialup,
to completely fill as much as a T-1 with DNS requests if recursion is
left on. This really is about equal to a bug.. although it clearly is
not... but for sure should be considered a security issue. For others
coming into the middle of this... this would be for registered
nameservers only as I understand it.
Best,
John Hinton
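
Added example, not part of the original post and not BIND's own code: a pre-restart check for the failure discussed in this thread, where resolv.conf points at the local named but that address is missing from allow-recursion. It assumes a flat allow-recursion list (no nested braces or user-defined ACL names) and that queries sent to one of the host's own addresses arrive with that same source address; the function names and all addresses are constructed for illustration.

```python
import ipaddress
import re

def resolv_nameservers(text):
    """Addresses on the nameserver lines of resolv.conf text."""
    return re.findall(r"^\s*nameserver\s+(\S+)", text, re.M)

def allow_recursion_entries(text):
    """Elements of a flat allow-recursion list, or None if the statement is absent."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)  # block comments
    text = re.sub(r"(//|#).*", "", text)               # line comments
    m = re.search(r"allow-recursion\s*\{([^{}]*)\}", text)
    return None if m is None else [e.strip() for e in m.group(1).split(";") if e.strip()]

def recursion_allowed(client, entries, own):
    """First match wins, as in a BIND address match list; no match means refused."""
    ip = ipaddress.ip_address(client)
    for entry in entries:
        elem = entry.lstrip("! ")
        if elem == "any":
            hit = True
        elif elem == "localhost":      # built-in ACL: this host's own addresses
            hit = client in own
        else:
            try:
                hit = ip in ipaddress.ip_network(elem, strict=False)
            except ValueError:
                continue               # none, localnets, named ACLs: not resolved here
        if hit:
            return not entry.startswith("!")
    return False

def check(resolv_text, named_text, own_addrs):
    """For each resolv.conf entry that points at this host: True, False, or
    None when no allow-recursion is set and BIND's default applies."""
    own = {"127.0.0.1", "::1"} | set(own_addrs)
    entries = allow_recursion_entries(named_text)
    return {ns: None if entries is None else recursion_allowed(ns, entries, own)
            for ns in resolv_nameservers(resolv_text) if ns in own}

# Constructed sample data (documentation address ranges, not from the thread).
RESOLV = "nameserver 127.0.0.1\nnameserver 192.0.2.10\nnameserver 198.51.100.53\n"
BEFORE = "options {\n  allow-recursion { 192.0.2.0/24; 198.51.100.53; };\n};\n"
AFTER = ("options {\n  allow-recursion { localhost; 127.0.0.1; 192.0.2.0/24;\n"
         "    198.51.100.53; 203.0.113.53; };\n};\n")

if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        print(label, check(RESOLV, conf, ["192.0.2.10"]))
```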