Am I running Recursive DNS?

[snowweb]

I was checking my DNS setup and got the following message from http://www.intodns.com when checking snowweb.info

I could use the nameservers listed below to performe recursive queries. It may be that I am wrong but the chances of that are low. You should not have nameservers that allow recursive queries as this will allow almost anyone to use your nameservers and can cause problems. Problem record(s) are:
216.108.227.21
216.108.227.20

I searched the forums and found this post but before I start tearing my DNS down, I would just like a second opinion on whether a problem really exists?

http://www.directadmin.com/forum/showthread.php?t=17544&highlight=recursive+dns

I have not changed any setting in DNS (other than creating/deleting and modifiying records), the actual way the DNS server is running is as installed by DA, as far as I know.

Should I simply ignore this supposed error?

Regards,

peter

 

[proHSP]

[borisko@my2 ~]$ dig @216.108.227.21 google.com

; <<>> DiG 9.3.4-P1 <<>> @216.108.227.21 google.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12069
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com. IN A

;; ANSWER SECTION:
google.com. 300 IN A 64.233.167.99
google.com. 300 IN A 64.233.187.99
google.com. 300 IN A 72.14.207.99

;; AUTHORITY SECTION:
google.com. 345600 IN NS ns1.google.com.
google.com. 345600 IN NS ns2.google.com.
google.com. 345600 IN NS ns3.google.com.
google.com. 345600 IN NS ns4.google.com.

;; Query time: 613 msec
;; SERVER: 216.108.227.21#53(216.108.227.21)
;; WHEN: Tue Jul 8 10:56:47 2008
;; MSG SIZE rcvd: 148


Yes, I see, your DNS server supports recursion.
Just add "allow-recursion { 127.0.0.1; };" to the options section in named.conf.

 

[snowweb]

Yes, I see, your DNS server supports recursion.
Just add "allow-recursion { 127.0.0.1; };" to the options section in named.conf.

Thanks buddy.

I've had a search for the file named.conf (or is that a directory?) and can't find either (but then I can't find any way to search for files or directories on Linux either!).

I've checked /var/named/ for a directory or file with that name, but can't find one.

Where should I look please?

peter

 

[proHSP]

If you are using CentOS, it is in /etc/
If you are using FreeBSD, it is in /etc/namedb/

 

[snowweb]

If you are using CentOS, it is in /etc/
If you are using FreeBSD, it is in /etc/namedb/

Thanks Boris, I've done that now, hopefully it's all working!

It would be great if you could test it again for me and let me know?

Kind regards,

pete

 

[proHSP]

It is still resolving
[borisko@my2 root]$ dig @216.108.227.21 google.com

; <<>> DiG 9.3.4-P1 <<>> @216.108.227.21 google.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56138
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com. IN A

;; ANSWER SECTION:
google.com. 281 IN A 64.233.187.99
google.com. 281 IN A 72.14.207.99
google.com. 281 IN A 64.233.167.99

;; AUTHORITY SECTION:
google.com. 314777 IN NS ns1.google.com.
google.com. 314777 IN NS ns2.google.com.
google.com. 314777 IN NS ns3.google.com.
google.com. 314777 IN NS ns4.google.com.

;; Query time: 229 msec
;; SERVER: 216.108.227.21#53(216.108.227.21)
;; WHEN: Tue Jul 8 19:30:31 2008
;; MSG SIZE rcvd: 148

Have you restarted named?

 

[snowweb]

Good point! I have now! Tnx!

pete

 

[proHSP]

[borisko@my2 root]$ dig @216.108.227.21 google.com

; <<>> DiG 9.3.4-P1 <<>> @216.108.227.21 google.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64488
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com. IN A

;; AUTHORITY SECTION:
. 3600000 IN NS L.ROOT-SERVERS.NET.
. 3600000 IN NS M.ROOT-SERVERS.NET.
. 3600000 IN NS A.ROOT-SERVERS.NET.
. 3600000 IN NS B.ROOT-SERVERS.NET.
. 3600000 IN NS C.ROOT-SERVERS.NET.
. 3600000 IN NS D.ROOT-SERVERS.NET.
. 3600000 IN NS E.ROOT-SERVERS.NET.
. 3600000 IN NS F.ROOT-SERVERS.NET.
. 3600000 IN NS G.ROOT-SERVERS.NET.
. 3600000 IN NS H.ROOT-SERVERS.NET.
. 3600000 IN NS I.ROOT-SERVERS.NET.
. 3600000 IN NS J.ROOT-SERVERS.NET.
. 3600000 IN NS K.ROOT-SERVERS.NET.

;; Query time: 230 msec
;; SERVER: 216.108.227.21#53(216.108.227.21)
;; WHEN: Tue Jul 8 22:26:37 2008
;; MSG SIZE rcvd: 239


Yes, everything is ok now.

 

[snowweb]

That's great! Thanks for your help Boris. That's another one I can tick of on the list

 

[proHSP]

Don't mention it