[Pdns-users] Use user questions
Steve Sobol
sjsobol at JustThe.net
Sun Jul 3 22:01:55 UTC 2005
Charles Galpin wrote:
>> If PDNS gets a query it can't answer itself, it'll send it to the
>> recursor, which is running on the same server. The recursor will go
>> get the answer from the appropriate DNS server elsewhere on the Internet.
>>
>> You'll generally want to set allow-recursion to only allow certain IPs
>> to make recursive queries, too.
>
> I still haven't found the time to play with pdns, but am hoping to soon.
> Can you please clarify this last statement? Is the suggested
> configuration to not actually use pdns for general DNS, but just on hand
> to answer for the domains it is authoritative for?

Y'know, when I wrote that I was really thinking AXFR, not recursion. Now I'm
reading it, and it looks wrong. ;p

(Open AXFRs can be considered a security hole because you're letting
everyone know about the location of live servers)

So let me modify that statement: It depends on how you are using PDNS. I
have a cablemodem at home, with a dynamic IP address, so I just allow
recursion from anywhere because I set myself up (and occasionally set up my
clients) to use my PDNS server. If you don't have to do so, don't do it.
You'll avoid some unnecessary DNS traffic.

--
JustThe.net - Steve Sobol / sjsobol at JustThe.net / PGP: 0xE3AE35ED
Coming to you from Southern California's High Desert, where the
temperatures are as high as the gas prices! / 888.480.4NET (4638)
"Life's like an hourglass glued to the table" --Anna Nalick, "Breathe"
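
Added example, not part of the original post and not PowerDNS code: a small audit of the two access lists discussed in this thread, reporting whether recursion and AXFR are open to any address. It assumes `pdns.conf` uses `key=value` lines with `#` comments; `allow-axfr-ips` is the PowerDNS zone-transfer ACL setting, which the thread does not name, and both sample configs are constructed.

```python
import ipaddress

# allow-recursion is named in the thread; allow-axfr-ips is the PowerDNS
# authoritative-server zone-transfer ACL (not named in the thread).
ACL_SETTINGS = ("allow-recursion", "allow-axfr-ips")

# Constructed sample configs (documentation address ranges, not real hosts).
OPEN_CONF = """
# home setup as described in the reply: recursion from anywhere
allow-recursion=0.0.0.0/0
"""
RESTRICTED_CONF = """
allow-recursion=127.0.0.1, 192.0.2.0/24   # local clients only
allow-axfr-ips=192.0.2.53                 # the secondary server
"""


def parse_conf(text):
    """Parse 'key=value' lines; everything after '#' is a comment."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf


def audit_acls(text):
    """Return {setting: finding} for each access-list setting."""
    conf = parse_conf(text)
    findings = {}
    for name in ACL_SETTINGS:
        if name not in conf:
            # Defaults differ between releases, so report instead of guessing.
            findings[name] = "unset (check the default for your version)"
            continue
        nets = [ipaddress.ip_network(n.strip(), strict=False)
                for n in conf[name].split(",") if n.strip()]
        if not nets:
            findings[name] = "empty list"
        elif any(n.prefixlen == 0 for n in nets):  # 0.0.0.0/0 or ::/0
            findings[name] = "open to any address"
        else:
            findings[name] = "restricted to " + ", ".join(map(str, nets))
    return findings


if __name__ == "__main__":
    for label, conf in (("open", OPEN_CONF), ("restricted", RESTRICTED_CONF)):
        print(label, audit_acls(conf))
```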