  1. #1
    Join Date
    Jan 2005
    Location
    Shelbyville, TN
    Posts
    118

    recursive lookups

    When I do a "recursion no;" in the "options" of named.conf, it blocks email from coming into the server, and out as well.

    What should I do?

    Thanks
    Robert

  2. #2
    Is your resolv.conf file configured? There should be the NS servers from your upstream provider, those IPs should be on the same network as you for the fastest NS replies.

  3. #3
    Join Date
    Jan 2005
    Location
    Shelbyville, TN
    Posts
    118
    Yes, my resolv.conf had my 2 IP name servers as well as a 3rd major one listed.

    I'm not sure why, when I add the recursion no command, mail is blocked both in and out.

    I never had to config the named.conf before.

  4. #4
    Join Date
    Nov 2002
    Location
    WebHostingTalk
    Posts
    8,901
    * Moved to Technical and Security Issues...

    Sirius

  5. #5
    Join Date
    Jan 2004
    Location
    North Yorkshire, UK
    Posts
    4,164
    If you are using your own box as nameservers you would have to replace recursion no with:

    allow-recursion { 192.168.0.1; 192.168.0.2; };

    etc...

    Dan

  6. #6
    Join Date
    Apr 2003
    Location
    San Jose, CA.
    Posts
    1,624
    One solution would be to setup bind to use views.

    So that any internal clients seeking resolution would be allowed recursion and any external clients would essentially see only an authoritative nameserver.

    I don't know what version of BIND you're using tho... But, I'd assume some revision of BIND 9.

    http://www.oreillynet.com/pub/a/orei...iews_0501.html

    This might be overkill and Dan's solution would probably be easier to implement :p

  7. #7
    Join Date
    Jan 2004
    Location
    North Yorkshire, UK
    Posts
    4,164
    Quote Originally Posted by Lightwave
    One solution would be to setup bind to use views.

    So that any internal clients seeking resolution would be allowed recursion and any external clients would essentially see only an authoritative nameserver.

    I don't know what version of BIND you're using tho... But, I'd assume some revision of BIND 9.

    http://www.oreillynet.com/pub/a/orei...iews_0501.html

    This might be overkill and Dan's solution would probably be easier to implement :p
    My solution effectively does the same thing just less complicated.

    Dan

  8. #8
    Join Date
    Jan 2005
    Location
    Shelbyville, TN
    Posts
    118
    Hey thanks Razor allow-recursion { 192.168.0.1; 192.168.0.2; };

    worked like a charm!

    Thanks a lot!

  9. #9
    Join Date
    Feb 2003
    Location
    Panorama City, CA
    Posts
    2,581
    I believe you can use 192.168.1.0/24 (if they're in the same block) if you have multiple boxes needing a DNS lookup.

    I haven't touched bind in a long time.

  10. #10
    Join Date
    Jan 2005
    Location
    Shelbyville, TN
    Posts
    118
    I just added an IP for each IP on the machine; they're not all on the same block.

  11. #11
    Join Date
    Nov 2005
    Posts
    352
    Actually, you could have gotten away with using just 127.0.0.1 and the main IP of the server (and you probably don't even need that) in the "allow-recursion" statement. Those would be the only IP's that DNS traffic should originate from.
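
The two approaches discussed in this thread, written out as a named.conf fragment. This is an added example, not a configuration posted by any participant; 192.0.2.10, example.com and the file paths are placeholders.

```conf
// Constructed example: 192.0.2.10 stands in for the server's main IP;
// example.com and the paths below are placeholders.
acl "trusted" {
    127.0.0.1;      // lookups made by the box itself (MTA, local resolver)
    192.0.2.10;     // the server's main IP
};

options {
    directory "/var/named";
    // Used instead of "recursion no;". A blanket "recursion no;" also
    // refuses the server's own lookups when resolv.conf points at this
    // named instance, so outside names stop resolving for local services.
    allow-recursion { trusted; };
};

// The views alternative: trusted clients get a recursive resolver,
// everyone else sees an authoritative-only server. Once any view is
// defined, every zone has to be declared inside a view.
view "internal" {
    match-clients { trusted; };
    recursion yes;
    zone "example.com" { type master; file "example.com.zone"; };
};

view "external" {
    match-clients { any; };
    recursion no;
    zone "example.com" { type master; file "example.com.zone"; };
};
```

Running `named-checkconf` against the file catches syntax errors before a reload. Afterwards, a query for an outside name sent from an address not in the ACL should no longer be resolved recursively.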
