Aleksandar Milivojevic wrote:

> Sam Drinkard wrote:
>
>> At the suggestion of some notes on DNSReport.com, I tried turning
>> recursion off and when I did, it broke sendmail. All of my upstream
>> DNS' have recursion turned on, and from what I gather about the mess
>> there is a chance of dns poisoning with recursion on.
>
> You can turn recursion off only on name servers that will answer
> queries from other name servers. You can not turn recursion off on
> name servers that answer queries from clients.
>
> The resolver library is not supposed to perform recursion itself.
> That's the job of the name server. That's why it broke your Sendmail.
> The resolver libraries are usually too dumb to perform recursive
> lookups themselves, and might even be prevented from doing so by firewalls.
> Also, it would be a waste of your network bandwidth since you'd lose
> the effects of caching that name servers are performing.
>
> Said that, on name servers that are supposed to answer queries from
> clients, you should be able to allow recursion only for specific
> clients. If you have a valid reason to do so. That basically means
> the name server will not be particularly useful to clients not on the
> list. This might be a good idea if you have only one name server,
> serving both internal network and Internet (not such a good idea, IMO).
>
> Question for OP, what's the content of /etc/resolv.conf? Do you have
> "nameserver 127.0.0.1" in there by any chance? That would explain why
> it hasn't worked, since 127.0.0.1 was not on the list of hosts allowed
> to do recursive lookups.

Aleksandar,

Thank you for the info. That does make sense now that I think of it. I
guess I tend to believe everything I read from certain places without
question, and that sometimes turns out to bite me in the rear-end :-)

Sam
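An added example, not part of the thread and not written by either poster: a check for the case raised in the quoted question, where /etc/resolv.conf points at the host's own name server but that address is missing from the recursion list. It assumes BIND's `allow-recursion` option in named.conf; the sample file contents and the `local_addrs` parameter are constructed for illustration, and named ACLs other than `any` and `localhost` are not expanded.

```python
import ipaddress
import re

# Constructed sample inputs (not taken from the thread).
RESOLV_CONF = """\
search example.test
nameserver 127.0.0.1
nameserver 192.0.2.53
"""
NAMED_CONF = """\
options {
    recursion yes;
    allow-recursion { 192.0.2.0/24; 10.0.0.5; };
};
"""

def resolv_nameservers(text):
    """Return the nameserver addresses listed in resolv.conf text."""
    return [ipaddress.ip_address(a)
            for a in re.findall(r"^\s*nameserver\s+(\S+)", text, re.M)]

def allow_recursion_acl(text):
    """Return (networks, keywords) from the first allow-recursion clause, or None."""
    m = re.search(r"allow-recursion\s*\{([^}]*)\}", text)
    if m is None:
        return None
    nets, keywords = [], set()
    for item in filter(None, (i.strip() for i in m.group(1).split(";"))):
        try:
            nets.append(ipaddress.ip_network(item, strict=False))
        except ValueError:
            keywords.add(item)  # built-in ACL (any, localhost, ...) or an acl name
    return nets, keywords

def blocked_local_resolvers(resolv_text, named_text, local_addrs):
    """List resolv.conf entries that point at this host but are refused recursion.

    Assumption: a query sent to one of the host's own addresses arrives with
    that same address as its source.
    """
    acl = allow_recursion_acl(named_text)
    if acl is None:
        return []  # no explicit list to compare against
    nets, keywords = acl
    if keywords & {"any", "localhost"}:
        return []  # these built-in ACLs cover every local address
    local = {ipaddress.ip_address(a) for a in local_addrs}
    return [str(ns) for ns in resolv_nameservers(resolv_text)
            if ns in local and not any(ns in net for net in nets)]
```

With the sample files and a host that owns 127.0.0.1 and 192.0.2.10, the function reports 127.0.0.1, which is the failure mode suggested in the quoted reply.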