[Pdns-users] Recursion allowed for all in test from intodns (SOLVED)

Miguel Miranda miguel.mirandag at gmail.com
Fri Apr 19 21:00:59 UTC 2013


hi, another list member has explained me that allow-recursion is comma
separated parameter, i just edited that line and now i have a pretty secure
resolver, im sending this email so other members (newbies may be) dont make
the same mistake,
thank to all for this great piece of software .


On Fri, Apr 19, 2013 at 9:27 AM, Miguel Miranda
<miguel.mirandag at gmail.com>wrote:

> hello guys, i have two identical servers, the only one difference between
> both are their ip address, for some estrange reason when i test my auth
> domains in www.intodns.com it tells me one of then allows anonymous
> recursive querys. i have double checked the config and nothing is wrong, i
> have pdns-recursor running in localhost and an access list configured in
> pdns, this is the pdns.conf file:
>
> setuid=pdns
> setgid=pdns
> allow-recursion=127.0.0.0/8 \
> a.b.c.d \
> e.f.g.h \
> j.k.l.m
> cache-ttl=300
> daemon=yes
> disable-tcp=yes
> distributor-threads=25
> guardian=yes
> launch=gmysql
> gmysql-host=127.0.0.1
> gmysql-dbname=powerdns
> gmysql-user=pdns
> gmysql-password=J4s0n2013
> lazy-recursion=yes
> local-address=200.12.232.4
> local-port=53
> log-dns-details=no
> log-dns-queries=no
> log-failed-updates=no
> max-cache-entries=2000000
> negquery-cache-ttl=0
> query-cache-ttl=300
> query-logging=no
> receiver-threads=25
> recursive-cache-ttl=300
> recursor=127.0.0.1
> webserver=yes
> webserver-address=w.x.y.z
>
>
> and this is the recursor.conf file
>
> setuid=pdns-recursor
> setgid=pdns-recursor
> daemon=yes
> dont-query=127.0.0.0/8
> local-address=127.0.0.1
> local-port=53
> log-common-errors=no
> max-cache-entries=2000000
> max-negative-ttl=0
> max-packetcache-entries=2000000
> packetcache-servfail-ttl=0
> quiet=yes
> threads=15
>
>
> Please give me some advise so i dont get blacklisted for having a
> vulnerable dns recursor.
> regards
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20130419/f1099752/attachment.html>


More information about the Pdns-users mailing list