Hello Vlad, On 09 Feb 2014, at 14:46 , Vlad <vladsol2...@gmail.com> wrote:
> I trying to use the PDNS Authoritative + Recursor as backend instead > BIND9 server :-) > I am almost happy, but there is a small problem ... > I want to get the behavior, like BIND: if a request is received from > an address that is not in allow-recursion list, respond Refused. But > now i getting empty answers with NOERROR... And, as i know, my dns > server listed in one of the "open resolvers" public list :-) If the public list has an entry for you even though you respond with empty answers, that list is broken and you should send them a complaint. For optimal control over the behaviour of your recursor, please do NOT run it behind an authoritative server. Once your recursor is running independently, you can use the allow-from* settings in recursor.conf, or even packet level filtering (like iptables) to make sure you don’t respond to queries. Kind regards, -- Peter van Dijk Netherlabs Computer Consulting BV - http://www.netherlabs.nl/
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com http://mailman.powerdns.com/mailman/listinfo/pdns-users
