You might search the list archives, as I think this came up recently...
But I think the general consensus is that you shouldn't have a server that is
both authoritative AND that allows recursive queries. (Security reasons)
And if you do allow both, to limit recursive queries to internal
(semi-trusted/controlled) hosts only.
The options you'll be wanting to look at are:
allow-query
allow-recursion
allow-query-cache
See the docs.
something like;
allow-recursion { local-nets; };
Where local-nets are the local subnets you want to allow recursion for -
meaning you trust those hosts on those subnets more than the open internet.
> Just to be clear, the servers are authoritative
> On Tue, Mar 8, 2022 at 5:27 AM Ritah Mulinde <ryta...@gmail.com> wrote:
>> Thank you Mark
>> Iam abit new to this. How do i fix that??
>> On Tue, Mar 8, 2022 at 5:19 AM Mark Andrews <ma...@isc.org> wrote:
>>> Presumably you are making recursive queries and you are denying them.
>>>> On 8 Mar 2022, at 12:44, Ritah Mulinde <ryta...@gmail.com> wrote:
>>>>
>>>> Hi Guys
>>>> Just got my primary and secondary name servers running.
>>>>
>>>> However, when i reload rdnc and tail the syslogs all i get is
>>>> "(xxxx.xx.com): query (cache) 'cccc.xx.com/A/IN' denied"
>>>>
>>>> Not sure why.
>>>>
>>>> kindly asking for some pointers on where to start looking
>>>>
>>>>
>>>> Thank you
>>>> --
>>>> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
>>>> from this list
>>>>
>>>> ISC funds the development of this software with paid support
>>>> subscriptions. Contact us at https://www.isc.org/contact/ for more
>>>> information.
>>>>
>>>>
>>>> bind-users mailing list
>>>> bind-users@lists.isc.org
>>>> https://lists.isc.org/mailman/listinfo/bind-users
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users