allow-recursion and acls

This is a discussion on allow-recursion and acls within the Bind Users forums, part of the DNS and Related Forums category; I have a problem with implementing an ACL that restricts recursive queries. If I allow recursive queries from any networks ...


Go Back   Usenet Forums > DNS and Related Forums > Bind Users

Reload this Page allow-recursion and acls

FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply

 

LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 01-12-2005
Jim Mozley
 
Posts: n/a
Default allow-recursion and acls
I have a problem with implementing an ACL that restricts recursive
queries. If I allow recursive queries from any networks all is OK, if I
try to restrict it to certain networks I can see in the logs that
recursion is refused for queries from legitimate IP address.

12-Jan-2005 10:54:33.238 security: notice: denied recursion for query
from [62.244.x.x].12422 for www.ishop.co.uk IN

Can anyone see anything wrong with the configuration below?

I am running bind 8.4.4.

This is OK:

acl our-nets { any; };
allow-recursion { our-nets; };

This seems to cause the problems:

acl our-nets { localhost;
62.244.160.0/19;
83.244.128.0/17;
};
allow-recursion { our-nets; };

I have the ACLs in an include file, which is included at the beginning
of named.conf before the options directive.

Jim


Reply With Quote
Reply
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT +1. The time now is 12:54 AM.

Contact Us - Usenet Forums - Archive - Top

Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.0.0