Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

How to do external DNS recursion restrictions in Bind?

Discussion in 'Bind/DNS/Nameserver' started by vlee, Jul 16, 2012.

  1. vlee

    vlee Well-Known Member

    Oct 13, 2005
    Likes Received:
    Trophy Points:
    Spokane, Washington
    cPanel Access Level:
    Root Administrator
    I would like to know wow to do external DNS recursion restrictions in Bind?

    So only a selected few external non cPanel hosts can use my DNS servers using external recursion. I am running Mod Security and ConfigServer Security & Firewall and other security options in place for protection.

    Is this possible of doing?

    view "external" {
    /* This view will contain zones you want to serve only to "external" clients
    * that have addresses that are not on your directly attached LAN interface subnets:
    recursion no;
    // you'd probably want to deny recursion to external clients, so you don't
    // end up providing free DNS service to all takers

    // all views must contain the root hints zone:
    zone "." IN {
    type hint;
    file "/var/named/";

    // These are your "authoritative" external zones, and would probably
    // contain entries for just your web and mail servers:

    // BEGIN external zone entries
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. jerrybell

    jerrybell Well-Known Member

    Nov 27, 2006
    Likes Received:
    Trophy Points:
    You should be able to use the allow-recursion statement in the options {} section like so:

    allow-recursion {x.x.x.x; y.y.y.y};

    where x.x.x.x and y.y.y.y are hosts out on the Internet you want to be able to perform recursive lookups.

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice