<div dir="ltr"><div>Hi, another list member has explained to me that allow-recursion is a comma-separated parameter. I just edited that line and now I have a pretty secure resolver. I'm sending this email so other members (newbies maybe) don't make the same mistake.<br>
</div>Thanks to all for this great piece of software.<br><div><div><div><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Apr 19, 2013 at 9:27 AM, Miguel Miranda <span dir="ltr">&lt;<a href="mailto:miguel.mirandag@gmail.com" target="_blank">miguel.mirandag@gmail.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div>Hello guys, I have two identical servers; the only difference between them is their IP address. For some strange reason, when I test my auth domains in <a href="http://www.intodns.com" target="_blank">www.intodns.com</a> it tells me one of them allows anonymous recursive queries. I have double-checked the config and nothing is wrong. I have pdns-recursor running on localhost and an access list configured in pdns. This is the pdns.conf file:<br>
<br>setuid=pdns<br>setgid=pdns<br>allow-recursion=127.0.0.0/8 \<br>a.b.c.d \<br></div>e.f.g.h \<br></div>j.k.l.m<br><div><div>cache-ttl=300<br>daemon=yes<br>disable-tcp=yes<br>
distributor-threads=25<br>
guardian=yes<br>launch=gmysql<br>gmysql-host=127.0.0.1<br>gmysql-dbname=powerdns<br>gmysql-user=pdns<br>gmysql-password=J4s0n2013<br>lazy-recursion=yes<br>local-address=200.12.232.4<br>local-port=53<br>log-dns-details=no<br>
log-dns-queries=no<br>log-failed-updates=no<br>max-cache-entries=2000000<br>negquery-cache-ttl=0<br>query-cache-ttl=300<br>query-logging=no<br>receiver-threads=25<br>recursive-cache-ttl=300<br>recursor=127.0.0.1<br>webserver=yes<br>
webserver-address=w.x.y.z<br><br><br></div><div>And this is the recursor.conf file:<br><br>setuid=pdns-recursor<br>setgid=pdns-recursor<br>daemon=yes<br>dont-query=127.0.0.0/8<br>
local-address=127.0.0.1<br>
local-port=53<br>log-common-errors=no<br>max-cache-entries=2000000<br>max-negative-ttl=0<br>max-packetcache-entries=2000000<br>packetcache-servfail-ttl=0<br>quiet=yes<br>threads=15<br><br><br></div><div>Please give me some advice so I don't get blacklisted for having a vulnerable DNS recursor.<br>
</div><div>regards<br></div></div></div>
</blockquote></div><br></div></div></div></div></div>
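<div>Added example, not part of the original thread and not PowerDNS code: a small linter for the mistake described above, where the allow-recursion entries were spread over several lines with trailing backslashes instead of being comma separated on one line. The function name and the sample addresses (192.0.2.x standing in for the thread's a.b.c.d placeholders) are assumptions made for illustration.</div>

```python
import ipaddress

def lint_allow_recursion(conf_text):
    """Return (line_number, message) findings for pdns.conf-style text."""
    findings, seen = [], False
    for num, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            # The thread's mistake: the list was written as if "\" continued a line.
            findings.append((num, "trailing backslash; join list entries with commas"))
            line = line[:-1].rstrip()
        if "=" not in line:
            findings.append((num, "not a key=value setting: %r" % line))
            continue
        key, _, value = line.partition("=")
        if key.strip() != "allow-recursion":
            continue
        seen = True
        for entry in (e.strip() for e in value.split(",")):
            try:
                net = ipaddress.ip_network(entry, strict=False)
            except ValueError:
                findings.append((num, "entry is not an address or netmask: %r" % entry))
                continue
            if net.prefixlen == 0:
                findings.append((num, "entry %s matches every client" % entry))
    if not seen:
        findings.append((0, "allow-recursion not set; the built-in default applies"))
    return findings

# Constructed samples: the layout from the thread and its comma-separated fix.
BROKEN = r"""setuid=pdns
allow-recursion=127.0.0.0/8 \
192.0.2.10 \
192.0.2.11 \
192.0.2.12
cache-ttl=300
"""
FIXED = """setuid=pdns
allow-recursion=127.0.0.0/8,192.0.2.10,192.0.2.11,192.0.2.12
cache-ttl=300
"""

if __name__ == "__main__":
    for name, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, lint_allow_recursion(text) or "no findings")
```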