
Recursion for only local use (to stop spammers)


Carlos Camacho
07-20-2005, 11:37 PM
When I looked up "Time to look up idevgames.com A record" at dnsstuff, the result said...

Score: A

Took off 2 points since ns1.devserve.com allows recursive lookups (if lots of people are using the server, it can slow down).
Took off 2 points since ns2.devserve.com allows recursive lookups (if lots of people are using the server, it can slow down).

Not knowing much about 'allows recursive lookups', I googled it. If I am correct, you want to allow this for only local use, and not outside your network, so that spammers don't do any mischief.

So how to solve this?

I read that I need to:

1) edit the file:
/etc/bind/options.conf.wp

Between options { };, add the following line:
allow-recursion { address_match_list };

Example of address_match_list would be:
127.0.0.1; IP of your server; IP of your server; Last IP of your server;

2) Restart named services.

Some of this info is coming from:
http://cert.uni-stuttgart.de/archive/bugtraq/2003/09/msg00164.html
and
http://www.networkworld.com/columnists/2005/050205nutter.html

Did I get the above correct? If not, could someone in the know correct my limited knowledge? Also, if I edit the file via SSH, is there anything that can be done in the control panel (Plesk) that might overwrite my not allowing recursive lookups?

Thanks!
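As an added example (not from the original post or from either of the linked articles), here is what the two states look like in a BIND 9 named.conf: the permissive default that dnsstuff docks points for, beside the restricted version the steps above describe. The ACL name "trusted", the addresses 192.0.2.10 and 192.0.2.20, and the 203.0.113.0/24 network are placeholders I assumed; substitute the server's own addresses and drop the network line if the box has no local network behind it.

```conf
// Added example: BIND 9 named.conf fragments, not the thread's own config.
// Addresses and the "trusted" ACL name are placeholders (assumption).

// --- Weak: the older default, an open resolver ---
// Any host on the Internet can ask this server to resolve arbitrary names,
// which is what "allows recursive lookups" means in the dnsstuff report.
options {
    directory "/var/named";
    recursion yes;          // the implicit default; no allow-recursion means "anyone"
};

// --- Restricted: recurse only for the server itself and its local network ---
acl "trusted" {
    127.0.0.1;              // loopback
    192.0.2.10;             // the server's own primary address (assumed)
    192.0.2.20;             // a dedicated IP on the same box (assumed)
    203.0.113.0/24;         // an assumed local network; remove if there is none
};

options {
    directory "/var/named";
    allow-recursion { trusted; };   // everyone else gets REFUSED for foreign names
    allow-query { any; };           // authoritative answers for hosted zones stay public
    // BIND 9.4 and later only; on those releases this stops outsiders from
    // reading records already in the cache (cache snooping):
    // allow-query-cache { trusted; };
    version "not disclosed";        // the version-string hiding mentioned later in the thread
};

// --- Strictest: a server that only hosts zones never needs to recurse at all ---
// options {
//     recursion no;
// };
```

Two caveats the recipe above leaves out. First, on BIND releases before 9.4, `allow-query` governs access to the cache as well as to zone data, so restricting `allow-recursion` alone still lets an outsider fetch whatever is already cached; 9.4 added `allow-query-cache` for that. Second, if the server only serves the zones it hosts and never resolves on behalf of anything (no local mail server or web server pointing at it), `recursion no;` is simpler and safer than maintaining an address list.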

Zaf
08-19-2005, 04:43 PM
Did I get the above correct? If not, could someone in the know correct my limited knowledge? Also, if I edit the file via SSH, is there anything that can be done in the control panel (Plesk) that might overwrite my not allowing recursive lookups?

I did some reading too ("googled around" with similar keywords) and found the same results. I am going ahead and changing my settings as well right away.

I do not think the Plesk control panel would reverse this setting, though I admit that I have very limited knowledge of Plesk.

I wonder if there could be any downsides of disallowing recursive lookups or advantages of allowing recursive lookups (for other than local network).

Surprisingly, some famous domains I checked allow recursive lookups. Some of those are cisco, hp, epson, deftechgroup, powervps :)

Hvu
08-19-2005, 05:12 PM
I don't allow recursive lookups on my DNS server as it produces excess unwanted traffic. I just edited my named.conf in /etc ;P It was pretty easy; I listed all the IP addresses to allow. I also used this tutorial to disable version output: http://www.eth0.us/obscurity

Now that I have managed DNS I don't have to worry about this anymore.

Zaf
08-19-2005, 05:56 PM
I don't allow recursive lookups on my DNS server as it produces excess unwanted traffic. I just edited my named.conf in /etc ;P It was pretty easy; I listed all the IP addresses to allow. I also used this tutorial to disable version output: http://www.eth0.us/obscurity

Now that I have managed DNS I don't have to worry about this anymore.

Well, I couldn't find the file mentioned in the earlier post, /etc/bind/options.conf.wp. I even opened a support ticket to that effect. Now I have made changes to /etc/named.conf. I had disabled the version output a few days back with the help of a similar site.

charles
08-19-2005, 06:14 PM
I do not think the Plesk control panel would reverse this setting, though i admit that i have very limited knowledge of Plesk.


Plesk stores its DNS configuration in MySQL and regenerates the zone files, so I expect they will get overwritten at some point (although it may not overwrite everything; you'll have to test).

charles

BornOnline
08-19-2005, 06:53 PM
Thanks for the tip.. Just made these changes to named.conf. The two point deductions are now gone on dnsstuff.



options {
    allow-recursion { 127.0.0.1; xxx.xxx.xxx.xxx; };
};
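Rather than relying on dnsstuff to confirm the change, the same check can be run by hand with dig from a host that is not in the allow-recursion list: query the server for a name it is not authoritative for and look at the response header. BIND 9 clears the "ra" (recursion available) flag and returns REFUSED to clients it will not recurse for. The following is an added example of that check, not code from the thread; the dig output samples are constructed, and ns1.example.net / example.org are placeholder names.

```sh
#!/bin/sh
# Added example (not from the thread): decide from dig's header whether a name
# server recursed for us. Run check_recursion from OUTSIDE the allowed list,
# against a name the server does not host; from inside the list "open" is expected.

# recursion_status: reads dig output on stdin, prints "open" or "closed".
# "open"   = status NOERROR and the ra flag set (the server recursed for us)
# "closed" = REFUSED, or an answer with ra cleared (e.g. an authoritative
#            answer for a hosted zone given to a client it won't recurse for)
recursion_status() {
    hdr=$(cat)
    status=$(printf '%s\n' "$hdr" | sed -n 's/.*status: \([A-Z]*\).*/\1/p' | head -n 1)
    flags=$(printf '%s\n' "$hdr" | sed -n 's/^;; flags:\([^;]*\);.*/\1/p' | head -n 1)
    case " $flags " in
        *" ra "*) has_ra=1 ;;
        *)        has_ra=0 ;;
    esac
    if [ "$status" = "NOERROR" ] && [ "$has_ra" = 1 ]; then
        echo open
    else
        echo closed
    fi
}

# check_recursion SERVER NAME: live check, e.g.
#   check_recursion ns1.example.net example.org   (placeholders, assumption)
check_recursion() {
    dig @"$1" "$2" A +tries=1 +time=5 | recursion_status
}

# Constructed sample headers (not captured from a real server):
# 1) an open resolver answering a foreign name
SAMPLE_OPEN='; <<>> DiG 9.3.1 <<>> @ns1.example.net example.org A
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4711
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0'

# 2) the same query after allow-recursion was restricted
SAMPLE_REFUSED='; <<>> DiG 9.3.1 <<>> @ns1.example.net example.org A
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4712
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0'

# 3) an authoritative answer for a hosted zone: NOERROR, but ra is cleared,
#    so this is not evidence of an open resolver
SAMPLE_AUTH='; <<>> DiG 9.3.1 <<>> @ns1.example.net idevgames.com A
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4713
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2'
```

The important detail is which name you query: asking the server for a zone it hosts will always succeed and proves nothing, so use a name from some unrelated domain. A query for the server's own zone from a denied client looks like sample 3: NOERROR with "aa" set and "ra" cleared, which the function correctly reports as closed.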

nobody
08-21-2005, 03:47 PM
For xxx.xxx.xxx.xxx, you indicate your main IP, correct?

BornOnline
08-21-2005, 04:27 PM
Yes, I'm including both IP addresses and any dedicated IPs.

For xxx.xxx.xxx.xxx, you indicate your main IP, correct?

elix
08-21-2005, 04:49 PM
<edited, I got it now>

PvUtrix
08-22-2005, 05:38 PM
Yeah, thanks for the tip, did this also...

StingRay
08-23-2005, 06:36 PM
Same here.. it's great to see A+ at dnsstuff :)