Stefan Kaltenbrunner wrote:
> Dave Page wrote:
>> Marc,
>>
>> Can you please confirm which of the hub.org DNS servers do and do not
>> allow recursion now, and if things are going to stay that way? We're
>> finding that some things appear to have broken recently, apparently
>> because they no longer have a suitable DNS server configured (rsync
>> access via hostname on svr4, email address validation on wwwmaster).
>
> That is probably the result of trying to tighten up security on the
> resolvers (iirc you even have been cc'd in those mails) a while ago
Yeah, I do remember it.
>> A quick test shows that ns, ns2 and ns4 are recursive, but ns3 is not
>> at present.
>
> well we should make sure that all our authoritative nameservers are NOT
> providing recursion to the world - so we need to find a way to restrict
> recursion to some limited hosts/ranges.
Or split the 4 into defined roles. Either way though, I'd like some
clarifcation on what the official strategy is so I can make sure the
vservers are all correct now, and bug him further if there are any
additional problems.
Regards, Dave.
