[Pdns-users] to recurse or not to recurse ...
udo.rader at bestsolution.at
Fri Dec 15 14:56:04 UTC 2006
we are hosting a couple of domains using powerdns, filled by the LDAP
Now I've come across a site that tests DNS settings and essentially for
all the domains we host we get some warnings, so for example:
Took off 20 points since ns1.example.com does not respond
authoritatively (can cause unexpected responses and add delays).
Took off 10 points since ns1.example.com is an open DNS server (if
abused, your DNS may be inaccessible, and over usage could result in
The first warning is about the notorious "authoritative" problem, dig
clearly shows that the AA bit has been set, so that's probably a false
Yet the second warning frightens me a bit. This obviously means that
everybody can query our name server for any other domain. So far this
did not really scare me but after googling around this seems to be a
Now I have 2 questions:
#1 is this really a "risk" except for potentially burdening our name
servers with queries from external clients?
#2 and if it is a risk, how would I limit the recursion so that only
our own domains are recursed? recursor.conf knows the auth-zone
directive, yet I can hardly use it with the LDAP backend. Or maybe I am
missing something basic here?
bestsolution.at EDV Systemhaus GmbH
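
The two warnings quoted in the message correspond to two bits in a DNS reply header: AA (authoritative answer) and RA (recursion available). The following is an added example, not part of the original message or of PowerDNS: it decodes those bits and flags a server that resolves a name it does not host. The reply headers are constructed sample data, and the function names are assumptions made for this illustration.

```python
import socket
import struct

# DNS header flag masks (RFC 1035 section 4.1.1)
QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080

def build_query(name, qtype=1, txid=0x1234):
    """Encode a one-question query with RD=1 (recursion desired)."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def parse_header(msg):
    """Decode the fixed 12-byte header of a DNS message."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & QR), "aa": bool(flags & AA),
            "ra": bool(flags & RA), "rcode": flags & 0x000F, "ancount": an}

def assess(hosted_reply, foreign_reply):
    """Classify replies for a hosted zone and for a zone the server does not host."""
    hosted, foreign = parse_header(hosted_reply), parse_header(foreign_reply)
    findings = []
    if not hosted["aa"]:
        findings.append("hosted zone answered without AA")
    if foreign["ra"] and foreign["rcode"] == 0 and foreign["ancount"] > 0:
        findings.append("open recursion: foreign name was resolved")
    return findings

def ask(server, name, timeout=3.0):
    """Send the query over UDP to a name server you operate; returns the raw reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return s.recvfrom(4096)[0]

def make_header(flags, ancount):
    """Constructed reply header for the offline demo (not captured traffic)."""
    return struct.pack("!HHHHHH", 0x1234, flags, 1, ancount, 0, 0)

HOSTED_OK = make_header(QR | AA | RD, 1)        # authoritative answer
FOREIGN_OPEN = make_header(QR | RD | RA, 1)     # recursed for an outside client
FOREIGN_CLOSED = make_header(QR | RD | 5, 0)    # rcode 5 = REFUSED

if __name__ == "__main__":
    print(assess(HOSTED_OK, FOREIGN_OPEN))
    print(assess(HOSTED_OK, FOREIGN_CLOSED))
```

To check a live server, pass the output of ask() for one hosted name and one name the server does not host, sent from an address outside your own network.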