Archive for the tag 'allow-recursion'

ISC BIND & DNS allow-recursion security feature.

allow-recursion { 192.168.1.0/24; localhost; };

The allow-recursion statement specifies which hosts are allowed to make recursive queries through this server. With the configuration as shown above, we allow recursive queries only from internal hosts since allowing every external hosts on the Internet to ask your name server to answer recursive queries can open you up to certain kinds of cache poisoning attacks. This is a security feature.