[Pdns-users] How to get "Refused" responses with PDNS Authoritative + Recursor?
Peter van Dijk
peter.van.dijk at netherlabs.nl
Mon Feb 10 08:42:27 UTC 2014
Hello Vlad,
On 09 Feb 2014, at 14:46 , Vlad <vladsol2009 at gmail.com> wrote:
> I am trying to use the PDNS Authoritative + Recursor as backend instead
> of BIND9 server :-)
> I am almost happy, but there is a small problem ...
> I want to get the behavior, like BIND: if a request is received from
> an address that is not in allow-recursion list, respond Refused. But
> now I am getting empty answers with NOERROR... And, as I know, my dns
> server is listed in one of the "open resolvers" public lists :-)
If the public list has an entry for you even though you respond with empty answers, that list is broken and you should send them a complaint.
For optimal control over the behaviour of your recursor, please do NOT run it behind an authoritative server. Once your recursor is running independently, you can use the allow-from* settings in recursor.conf, or even packet level filtering (like iptables) to make sure you don’t respond to queries.
Kind regards,
--
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/
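
The following is an added example, not part of the original message or of PowerDNS: a small Python check that tells the responses discussed in this thread apart (REFUSED, empty NOERROR, and an actual recursive answer) from the DNS header alone. The function names and verdict labels are assumptions made for this example; run `probe()` from an address outside your allow list against your own server, using a name the server is not authoritative for.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype=1, txid=0x1234):
    """Build a recursion-desired (RD=1) query; qtype 1 is A, class is IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def classify(response):
    """Classify a raw DNS response to a recursive query from its header."""
    if len(response) < 12:
        raise ValueError("short DNS header")
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if not flags & 0x8000:
        raise ValueError("not a response (QR=0)")
    rcode = flags & 0x000F
    if rcode == 5:
        verdict = "refused"               # BIND-style answer to a disallowed client
    elif rcode == 0 and ancount == 0:
        verdict = "empty-noerror"         # the behaviour described in the question
    elif rcode == 0 and flags & 0x0400:
        verdict = "authoritative"         # AA set: served from the server's own zones
    elif rcode == 0:
        verdict = "answers-recursively"   # non-authoritative data returned
    else:
        verdict = "other"
    return {"rcode": RCODES.get(rcode, str(rcode)), "ra": bool(flags & 0x0080),
            "answers": ancount, "verdict": verdict}

def probe(server, name, timeout=3.0):
    """Send one UDP query to server:53 and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        data, _addr = s.recvfrom(512)
    return classify(data)

if __name__ == "__main__":
    # Constructed sample replies (header flags only differ); no network needed.
    question = build_query("example.org")[12:]
    for flags, ancount in ((0x8105, 0), (0x8100, 0), (0x8180, 1)):
        reply = struct.pack("!HHHHHH", 0x1234, flags, 1, ancount, 0, 0) + question
        print(hex(flags), classify(reply))
```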