dns server recursive lookups bad?

Discussion in 'Bind/DNS/Nameserver' started by Jeff-C, Mar 2, 2006.

  1. djmerlyn

    djmerlyn Well-Known Member

    Wait, I see now...you turn that on and you can't send mail to places like yahoo, aol, msn...

    So, back to where we started I suppose... Does this mean that in order to send email out to these places, I also need to allow their IPs recursion? I can't see how adding my own IPs to the allowed list will make these remote sites accessible via email.

    Or do these providers need to stop doing recursive lookups on email sent to them...hmm...

    Curious...it seems like a wicked loop that anyone can get lost in...
     
  2. Jeff-C

    Jeff-C Well-Known Member

    Adding your own server IPs to the recursion-allowed list will allow you to send mail to anywhere as before.
     
  3. djmerlyn

    djmerlyn Well-Known Member

    But I was under the impression that these remote mail folks did recursive lookups and if it fails they bounce it?

    The reverse DNS thing with AOL stands out at me right up front...

    I understand putting in the local IPs will resolve:

    unrouteable mail domain "yahoo.com"

    But so now that it's routable, what is yahoo or AOL going to think about it when looking backwards (in reverse)...

    Thanks for helping end the confusion ;)
     
  4. widesurf

    widesurf Member

    How to open named.conf

    Hello,

    Could anyone tell me how I actually get into (or open) named.conf?
    I know it's located in the etc/ folder.

    I assume you are using SSH/Shell Access in cPanel?
    I've tried to enter "vi named.conf", but there is no info displayed.

    Could anyone shed some light on this?

    Thanks in advance,

    Oddvin
     
  5. widesurf

    widesurf Member

    named.conf

    I was finally able to edit named.conf, and after I made
    the change dnsreport.com stated PASS on Open DNS servers ;)

    However, my server monitoring stated DNS : This test failed!

    Here's what my named.conf looked like:

    options {
        directory "/var/named";
        // Only these source addresses may use this server for recursive lookups
        allow-recursion { 127.0.0.1; 69.10.154.129; 69.10.154.130; };
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below. Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        // query-source address * port 53;
    };

    Does anyone have any idea what could be wrong?

    Oddvin
    DirectNetMarketing.com
     
  6. chirpy

    chirpy Well-Known Member Verified Vendor

    Yes, it would fail. If you want to allow it you would need to add the IP address of your server monitoring service.
     
  7. widesurf

    widesurf Member

    Thanks

    I finally guessed that was the reason and it's good to have it answered here ;)

    However, (don't know if this matters), but when restarting DNS server (Named)
    it says:

    loading configuration from '/etc/named.conf'
    Apr 23 11:35:06 server named[25341]: no IPv6 interfaces found
    Apr 23 11:35:06 server named[25341]:

    Should I worry? :eek:


    Thanks for your outstanding support on this forum!

    Oddvin
     
  8. easyhoster1

    easyhoster1 Well-Known Member

    No, no need to worry, that is for IP version 6 which will someday include six sets of octets numbers 123.345.678.2.3 because IP version 4 is running out of available octets.
     
    #28 easyhoster1, Apr 24, 2006
    Last edited: Apr 24, 2006
  9. jackie46

    jackie46 BANNED

    From my personal experience, this setup is far from perfect and we have seen far too many issues with this setup. For example, once this is implemented there will be a noticeable increase in the dreaded "UNROUTABLE DOMAIN" issue in the mail logs. We tested one of our servers using this setup and within 2 weeks every single message being sent to the server was reporting an unroutable issue, obviously DNS related. Once we restored our backup all the problems went away. So I suggest that if you implement this modification, you watch your maillog carefully!!!
     
    #29 jackie46, May 1, 2006
    Last edited: May 1, 2006