[lug] IS allow-recursion; WAS Logging with Bind 8

charles at lunarmedia.net charles at lunarmedia.net
Sun Dec 30 16:37:16 MST 2001

> You may also want to use the 'allow-recursion' option, so that others will 
> not be able to use your server as their name server.  Not a big deal, but a 
> good idea.  Also helps in preventing a possible DOS:
> allow-recursion {
>          net/bit;
> };
> Same syntax as the rest -- goes in the options section.

	this raises my eyebrow. i don't use allow-recursion simply
	because i only allow queries from a select group of hosts.

	  allow-query { 10.10.220/24;; };

	then, for each domain the server is authoritative for, i 
	add in

	  allow-query { any; };

	would the allow-recursion add any additional benefit with a
	scheme such as the above already in place?


More information about the LUG mailing list