Seems that bind by default allows recursion and it's not a good idea.
I'm struggling a bit on a couple of systems. These two systems run
sendmail and are nameservers. I have sendmail set to do domain lookups
and bounce if the domain does not exist.
My struggle has been to turn recursion off in bind while allowing
sendmail to do these lookups. I've been trying to do this by setting up
allow-recursion in the options section of named.conf. Using something like
allow-recursion {192.1.1.0/24; 192.34.2.6; };
The IPs have been changed to protect the innocent......
Bind is happy with the entry.. sendmail is not and starts bouncing email.
Does anybody have this working and have any hints? I've googled and
tested for hours....
Best,
John Hinton