How to do external DNS recursion restrictions in Bind?


Well-Known Member
Oct 13, 2005
Spokane, Washington
cPanel Access Level
Root Administrator
I would like to know wow to do external DNS recursion restrictions in Bind?

So only a selected few external non cPanel hosts can use my DNS servers using external recursion. I am running Mod Security and ConfigServer Security & Firewall and other security options in place for protection.

Is this possible of doing?

view "external" {
/* This view will contain zones you want to serve only to "external" clients
* that have addresses that are not on your directly attached LAN interface subnets:
recursion no;
// you'd probably want to deny recursion to external clients, so you don't
// end up providing free DNS service to all takers

// all views must contain the root hints zone:
zone "." IN {
type hint;
file "/var/named/";

// These are your "authoritative" external zones, and would probably
// contain entries for just your web and mail servers:

// BEGIN external zone entries


Well-Known Member
Nov 27, 2006
You should be able to use the allow-recursion statement in the options {} section like so:

allow-recursion {x.x.x.x; y.y.y.y};

where x.x.x.x and y.y.y.y are hosts out on the Internet you want to be able to perform recursive lookups.