Completely disable recursion #59

Open
jgeusebroek opened this issue Dec 4, 2022 · 1 comment

Comments

@jgeusebroek

First of all, awesome quality image; very well done!

I was wondering how to disable recursion? The docs say it's disabled by default but it is still resolving?

docker run --rm -ti \
-p 5553:53/tcp \
-p 5553:53/udp \
-e DNS_A='test.domain=1.2.3.4' \
-t cytopia/bind

dig @127.0.0.1 -p 5553 test.domain

; <<>> DiG 9.10.6 <<>> @127.0.0.1 -p 5553 test.domain
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6228
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;test.domain. IN A

;; ANSWER SECTION:
test.domain. 5 IN A 1.2.3.4

dig @127.0.0.1 -p 5553 google.com

; <<>> DiG 9.10.6 <<>> @127.0.0.1 -p 5553 google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51124
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;google.com. IN A

;; ANSWER SECTION:
google.com. 300 IN A 142.251.39.110

@dvlbot dvlbot added bug Bug Report status:triage Issue needs Triaging labels Dec 14, 2022
@cytopia
Owner

cytopia commented Dec 14, 2022

@jgeusebroek

Without ALLOW_RECURSION

When starting this image without ALLOW_RECURSION:

docker run -it --rm \
   -e DEBUG_ENTRYPOINT=2 \
   -e DOCKER_LOGS=1 \
   -p 5553:53/tcp \
   -p 5553:53/udp \
   -e DNS_A='test.domain=1.2.3.4' \
   cytopia/bind

It produces the following in /etc/bind/named.conf.options

options {
    directory "/var/cache/bind";
    dnssec-validation no;
    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
    max-cache-size 90%;
    response-policy { zone "rpz"; };
};

With ALLOW_RECURSION

When starting this image with ALLOW_RECURSION:

docker run -it --rm \
   -e DEBUG_ENTRYPOINT=2 \
   -e DOCKER_LOGS=1 \
   -p 5553:53/tcp \
   -p 5553:53/udp \
   -e DNS_A='test.domain=1.2.3.4' \
   -e ALLOW_RECURSION=127.0.0.1 \
   cytopia/bind

It produces the following in /etc/bind/named.conf.options

options {
    directory "/var/cache/bind";
    dnssec-validation no;
    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
    max-cache-size 90%;
    response-policy { zone "rpz"; };
    recursion yes;
    allow-recursion {
        127.0.0.1;
    };
};

So the difference is:

+     recursion yes;
+     allow-recursion {
+         127.0.0.1;
+     };
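
Review bot: the only added lines are `recursion yes;` and the `allow-recursion` ACL, so the file generated without ALLOW_RECURSION carries no `recursion` statement at all rather than `recursion no;`. BIND enables recursion when the statement is absent, so writing an explicit `recursion no;` in the unset case would make the generated options match the documented "disabled by default" behaviour.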

Isn't that the desired behaviour?

@cytopia cytopia self-assigned this Dec 14, 2022
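
An added example, not part of the thread or the project's code: a small Python audit that reads an options block and reports its effective recursion policy, applying BIND 9's defaults (recursion on, `allow-recursion` limited to `localnets` and `localhost`) when a statement is absent. The function names and the `HARDENED` sample are assumptions made for illustration, and the defaults assume `allow-query` and `allow-query-cache` are unset.

```python
import re

# BIND 9 defaults when a statement is absent from options {} (assumes
# allow-query and allow-query-cache are unset, as in the files quoted above).
DEFAULT_ACL = ["localnets", "localhost"]

# named.conf.options as quoted in the thread, started without ALLOW_RECURSION.
WITHOUT = '''options {
    directory "/var/cache/bind";
    dnssec-validation no;
    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
    max-cache-size 90%;
    response-policy { zone "rpz"; };
};'''
# The same file with ALLOW_RECURSION=127.0.0.1, as quoted in the thread.
WITH = WITHOUT[:-2] + "    recursion yes;\n    allow-recursion {\n        127.0.0.1;\n    };\n};"
# Constructed sample (not from the thread): recursion switched off explicitly.
HARDENED = WITHOUT[:-2] + "    recursion no;\n    allow-recursion { none; };\n};"


def strip_comments(text):
    """Drop /* */, // and # comments so commented-out statements are ignored."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(#|//).*", "", text)


def recursion_policy(conf):
    """Return (state, acl); state is 'off', 'explicit-on' or 'default-on'."""
    body = strip_comments(conf)
    # The lookbehind keeps "recursion" from matching inside "allow-recursion".
    flag = re.search(r"(?<![-\w])recursion\s+(\w+)\s*;", body)
    acl_m = re.search(r"(?<![-\w])allow-recursion\s*\{([^{}]*)\}", body)
    acl = list(DEFAULT_ACL)
    if acl_m:
        acl = [e.strip() for e in acl_m.group(1).split(";") if e.strip()]
    if flag and flag.group(1).lower() in ("no", "false", "0"):
        return "off", []
    if acl == ["none"]:
        return "off", []
    return ("explicit-on" if flag else "default-on"), acl


if __name__ == "__main__":
    for name, conf in (("without", WITHOUT), ("with", WITH), ("hardened", HARDENED)):
        print(f"{name:9} {recursion_policy(conf)}")
```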