A number of configuration workarounds are available which completely avoid the problem.

If an operator has not chosen to specify some other permission, explicitly specifying "allow-query {localnets; localhost;};" in named.conf will provide behavior equivalent to the intended default.

If the default setting is not appropriate (because the operator wants a different behavior) then, depending on which clients are intended to be able to receive service for recursive queries, explicitly setting a match list value for any of:

  allow-recursion
  allow-query
  allow-query-cache

will prevent the "allow-recursion" control from improperly inheriting a setting from the allow-query default. If a value is set for any of those options, the behavior of allow-recursion will be set directly or inherited from one of the other values as described in section 6.2 of the BIND Administrator Reference Manual.

Servers which are not intended to perform recursion at all may also effectively prevent this condition by setting "recursion no;" in named.conf.
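The following audit helper is an added example, not part of the original advisory or of BIND itself. It checks whether a named.conf text already applies one of the workarounds above. The function names and sample configurations are constructed for illustration, and it assumes the settings live in the top-level options block (include files and view blocks are not followed).

```python
import re

# The three match-list options named in the workaround text.
ACL_OPTIONS = ("allow-recursion", "allow-query", "allow-query-cache")

def strip_comments(text):
    """Drop /* */, // and # comments (comment markers inside quoted strings are not handled)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def options_block(text):
    """Return the body of the top-level options { ... } block, or "" if there is none."""
    m = re.search(r"\boptions\s*\{", text)
    if not m:
        return ""
    depth, start = 1, m.end()
    for i in range(start, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[start:i]
    return text[start:]  # unbalanced braces: inspect what is there

def check_named_conf(text):
    """Classify a configuration against the workarounds described above."""
    body = options_block(strip_comments(text))
    # Only the literal form quoted in the text, "recursion no;", is recognised.
    if re.search(r"(?<![\w-])recursion\s+no\s*;", body):
        return "ok: recursion disabled"
    # Requiring "{" right after the name keeps allow-query-on, allow-recursion-on
    # and similar options from being mistaken for the three that matter here.
    present = [o for o in ACL_OPTIONS
               if re.search(r"(?<![\w-])%s\s*\{" % re.escape(o), body)]
    if present:
        return "ok: explicit " + ", ".join(present)
    return "review: no explicit match list set; apply a workaround"

# Constructed sample configurations.
DEFAULTED = 'options {\n  directory "/var/named";  // allow-query { any; };\n};\n'
WORKAROUND = "options {\n  allow-query { localnets; localhost; };\n};\n"
NO_RECURSION = "options { recursion no; };\n"

if __name__ == "__main__":
    for name in ("DEFAULTED", "WORKAROUND", "NO_RECURSION"):
        print(name, "->", check_named_conf(globals()[name]))
```

A "review" result only means none of the three options is set explicitly in the options block; settings supplied through include files or views still need to be checked by hand.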