Someone complained to me today that our BIND servers allowed recursion, which basically means they resolve names that they aren't specifically authoritative for. Now this is the way I planned it—we use these nameservers to resolve for our local network clients as well as being authoritative for the domains we own.
Anyway, BIND supports an allow-recursion tag under the options section where you can define an ACL (Access Control List) for allowed recursion clients. So I happily added it, with my ACL list, but my computer stopped working. I could dig at our other nameservers and resolve fine, but not on my own (my desktop). Turns out, I didn't add 127.0.0.1 to the ACL! Doh!
Here's how you need to do it. In your /etc/named.conf file:
acl internal { 192.168.1.0/24; 127.0.0.1; };
Make sure you add in any public IP addresses you need there as well, especially if you've got more than one network card in the nameserver.
Then, under the options section of named.conf, add:
allow-recursion { internal; };
Yay for recursion!
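To catch the missing-loopback mistake before reloading named, here is an added example (not part of the original post) that reads the acl and allow-recursion statements above and reports which client addresses would be allowed to recurse. It assumes flat ACLs made of names, addresses and prefixes, treats BIND's built-in localhost ACL as loopback only, and rejects anything else (negation, keys) with a ValueError; the sample configs and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed samples: the ACL without loopback, and the page's corrected ACL.
BROKEN_CONF = """
acl internal { 192.168.1.0/24; };
options { allow-recursion { internal; }; };
"""
FIXED_CONF = """
acl internal { 192.168.1.0/24; 127.0.0.1; };
options { allow-recursion { internal; }; };
"""

def _elements(body):
    """Split the inside of a { ... } match list into its elements."""
    return [e.strip().strip('"') for e in body.split(";") if e.strip()]

def parse_acls(conf):
    """Map each flat 'acl NAME { ... };' statement to its element list."""
    pattern = r'\bacl\s+"?([\w.-]+)"?\s*\{([^{}]*)\}\s*;'
    return {m.group(1): _elements(m.group(2)) for m in re.finditer(pattern, conf)}

def recursion_elements(conf):
    """Return the elements of allow-recursion { ... }; or raise if absent."""
    m = re.search(r"\ballow-recursion\s*\{([^{}]*)\}\s*;", conf)
    if m is None:
        raise ValueError("no allow-recursion statement found")
    return _elements(m.group(1))

def allowed(client, elements, acls, depth=0):
    """True if client matches a list of ACL names, addresses or prefixes."""
    ip = ipaddress.ip_address(client)
    for e in elements:
        if e in ("any", "none"):
            return e == "any"
        if e == "localhost":
            hit = ip.is_loopback  # approximation: BIND matches all local addresses
        elif e in acls and depth < 8:  # named ACL, bounded nesting
            hit = allowed(client, acls[e], acls, depth + 1)
        else:  # raises ValueError for unsupported elements such as "!x" or keys
            hit = ip in ipaddress.ip_network(e, strict=False)
        if hit:
            return True
    return False

def audit(conf, clients):
    """Report, per client address, whether recursion would be permitted."""
    acls = parse_acls(conf)
    return {c: allowed(c, recursion_elements(conf), acls) for c in clients}
```

Calling audit(BROKEN_CONF, ["127.0.0.1"]) shows the nameserver's own resolver being refused, which is the symptom described above; the same call on FIXED_CONF shows it allowed while an outside address stays refused.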
Wow, lots of funny news today to report. How about this one: a marriage counselor has an affair with one of his patients.
Yay for irony!
Here is the cure for hay fever I've been waiting for all my life. I bet there's a few other things it'll cure, too.
Yay for snogging!
Go read about how to take a singing greeting card and use it as a prank on somebody's keyboard.
Yay for keyboards!
Now that things are growing pretty well, here are a few pictures I snapped this morning of our front yard.
Yay for flowers!
Today is my (and Lorien's) First Wedding Anniversary!
Yay for us!