Hi All, I'm using BIND8 (8.4.6) as an external name server. I want to also use it as the name server for my external boxes. However, I can't seem to get recursion to work correctly.
If I use `allow-recursion {none; };` then dns lookups for my local zones
works fine, but the external boxes can't use it to look up other
domains.
If I use `allow-recursion { any; };` then anyone can use it as a DNS
server.
I tried `allow-recursion { x.x.x.x; };` (x.x.x.x = external NAT IP
address), but the query was denied with:
named[2692]: denied recursion for query from [x.x.x.x].24684 for
www.google.com IN
I have also tried setting up acl external {}; with the ip addresses of
the external hosts and using `allow-recursion { external; };`. This is
also denied.
Is recursion an all or nothing option? I thought that it could take acl
options. Any thoughts?
Thanks,
Kenny
signature.asc
Description: This is a digitally signed message part
