[Pdns-users] Authoritative and recursive on same IP creates an open recursive server

Michael Loftis mloftis at wgops.com
Thu Mar 29 20:38:04 UTC 2012


The recursor only ever talks to the authoritative resolver in this
scenario, so the authoritative resolver needs further configuration to
properly restrict who is being allowed to use it recursively.
recursor.conf only affects the recursor itself.  You need to set, in
pdns.conf, allow-recursion to restrict appropriately.

Also, it's usually not a good idea to have your recursors and
authoritative nameservers on the same IPs, the authoritative should
really just be serving authoritative data and never recursing.  This
helps prevent accidental (and malicious) cache poisoning of your
authoritative nameserver.

On Thu, Mar 29, 2012 at 2:27 PM, Miguel Miranda
<miguel.mirandag at gmail.com> wrote:
> Hello to all, I'm migrating several of my DNS servers from BIND to PowerDNS. I
> was trying the recursor only and it restricted who can use my server to the
> nets listed in allow-from-file. When I configure the authoritative and
> recursor using the recursor= 127.0.0.1, everybody can use my server for
> recursion. Am I missing something, or is bypassing allow-from-file the normal
> operation in this scenario?
> Regards



-- 

"Genius might be described as a supreme capacity for getting its possessors
into trouble of all kinds."
-- Samuel Butler
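
Added example, not part of the original message or of PowerDNS: a small Python check for the situation discussed in this thread, a pdns.conf that sets recursor= without a matching allow-recursion. The sample configs, the trusted network list and the function names are constructed for illustration, and a missing allow-recursion is treated as unrestricted, which is what the original poster observed.

```python
import ipaddress

# Constructed sample configs (not taken from the thread).
OPEN_CONF = "launch=gmysql\nrecursor=127.0.0.1\n"
FIXED_CONF = OPEN_CONF + "allow-recursion=127.0.0.1, 192.0.2.0/24\n"
TRUSTED = ["127.0.0.0/8", "192.0.2.0/24"]  # e.g. the nets in the recursor's allow-from-file

def parse_pdns_conf(text):
    """Parse key=value lines of a pdns.conf-style file; '#' starts a comment."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def audit_recursion(conf_text, trusted_nets):
    """Return findings for an authoritative server that forwards to a recursor."""
    settings = parse_pdns_conf(conf_text)
    if not settings.get("recursor"):
        return []  # no recursor= backend, so nothing is forwarded
    raw = settings.get("allow-recursion", "")
    if not raw:
        # Assumption: an unset allow-recursion means recursion is unrestricted.
        return ["recursor= is set but allow-recursion is not set"]
    trusted = [ipaddress.ip_network(n) for n in trusted_nets]
    findings = []
    for item in raw.replace(",", " ").split():
        net = ipaddress.ip_network(item, strict=False)
        if net.prefixlen == 0:
            findings.append(f"allow-recursion entry {item} matches every client")
        elif not any(net.version == t.version and net.subnet_of(t) for t in trusted):
            findings.append(f"allow-recursion entry {item} is outside the trusted networks")
    return findings

if __name__ == "__main__":
    for name, conf in (("open", OPEN_CONF), ("fixed", FIXED_CONF)):
        print(name, audit_recursion(conf, TRUSTED) or "ok")
```

The recursor's own allow-from-file does not help here because, as the reply explains, the recursor only sees queries arriving from the authoritative server's address.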


