Sam Drinkard wrote:
> At the suggestion of some notes on DNSReport.com, I tried turning
> recursion off and when I did, it broke sendmail. All of my upstream
> DNS' have recursion turned on, and from what I gather about the mess
> there is a chance of dns poisoning with recursion on.

You can turn recursion off only on name servers that will answer queries from other name servers. You cannot turn recursion off on name servers that answer queries from clients. The resolver library is not supposed to perform recursion itself. That's the job of the name server. That's why it broke your Sendmail. The resolver libraries are usually too dumb to perform recursive lookups themselves, and might even be prevented from doing so by firewalls. Also, it would be a waste of your network bandwidth since you'd lose the effects of caching that name servers are performing.

That said, on name servers that are supposed to answer queries from clients, you should be able to allow recursion only for specific clients, if you have a valid reason to do so. That basically means the name server will not be particularly useful to clients not on the list. This might be a good idea if you have only one name server, serving both the internal network and the Internet (not such a good idea, IMO).

Question for OP: what's the content of /etc/resolv.conf? Do you have "nameserver 127.0.0.1" in there by any chance? That would explain why it hasn't worked, since 127.0.0.1 was not on the list of hosts allowed to do recursive lookups.
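The check suggested in the reply above can be scripted; the following is an added example, not part of the original message. It parses resolv.conf text and reports any nameserver entry that points at the restricted name server from a source address missing from its recursion allow list. The function names, sample resolv.conf, addresses and allow list are all constructed assumptions.

```python
import ipaddress

# Constructed sample: a host that runs its own name server and points at it
# via loopback, with a second, unrelated server as fallback.
SAMPLE_RESOLV_CONF = """\
# constructed sample
search example.com
nameserver 127.0.0.1
nameserver 192.0.2.53
"""
HOST_ADDR = "192.0.2.10"                     # assumed address of this host
SERVER_ADDRS = ["127.0.0.1", "192.0.2.10"]   # where the restricted server listens
ALLOWED = ["192.0.2.0/24"]                   # assumed recursion allow list


def resolver_sources(resolv_conf, host_addr):
    """Return (nameserver, source address its queries arrive from) pairs."""
    pairs = []
    for line in resolv_conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            server = ipaddress.ip_address(fields[1])
            # A query sent to loopback also originates from loopback;
            # anything else leaves via the host's own address.
            source = server if server.is_loopback else ipaddress.ip_address(host_addr)
            pairs.append((server, source))
    return pairs


def refused_lookups(resolv_conf, host_addr, server_addrs, allowed_nets):
    """List (nameserver, source) pairs the restricted server would refuse to recurse for."""
    nets = [ipaddress.ip_network(n) for n in allowed_nets]
    local = {ipaddress.ip_address(a) for a in server_addrs}
    refused = []
    for server, source in resolver_sources(resolv_conf, host_addr):
        # Only entries that reach the restricted server are subject to its list.
        if server in local and not any(source in n for n in nets):
            refused.append((str(server), str(source)))
    return refused


if __name__ == "__main__":
    for server, source in refused_lookups(SAMPLE_RESOLV_CONF, HOST_ADDR, SERVER_ADDRS, ALLOWED):
        print(f"nameserver {server}: source {source} is not allowed to recurse")
```
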