cPanel DNSonly bind recursion

If the named/BIND DNS service on cPanel DNSonly is not answering DNS queries recursively, I have a fix for you.

In older versions of named/BIND9 used by cPanel, allowing anyone to make recursive queries was a one-line change: you could simply edit the configuration file and change “recursion no;” to “recursion yes;”. (If you wanted security you could have set up an ACL; let’s assume you want to allow all.) The server would then answer anyone's queries for domains or records that are not kept on your local server (i.e. resolve yahoo.com).
Newer versions of BIND9/named changed this behavior and now require a more specific configuration. Just add these under the “options” section:

options {
...
allow-recursion { any; };
allow-query { any; };
allow-query-cache { any; };
...
};
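
As an added example (not part of the original post, and not cPanel or BIND code), this Python check reads named.conf text and reports which recursion-related options are open to `any`, following named ACLs. It is run on the options above and on a constructed ACL variant; the `trusted` ACL name and the 192.0.2.0/24 range are placeholders.

```python
import re
RECURSION_OPTS = ("allow-recursion", "allow-query-cache")

def strip_comments(text):
    """Drop /* */, // and # comments so commented-out settings are ignored."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def elements(body):
    """Split the inside of a `{ a; b; }` address match list into its items."""
    return [e.strip().strip('"') for e in body.split(";") if e.strip()]

def open_recursion(conf):
    """Return the recursion options whose match list reaches `any`.
    Simplified: nested `{ }` lists and `!` negation are not evaluated."""
    text = strip_comments(conf)
    if re.search(r"(?<![\w-])recursion\s+no\s*;", text):
        return []  # recursion is switched off outright
    acls = {m.group(1): elements(m.group(2)) for m in re.finditer(
        r'(?<![\w-])acl\s+"?([\w.-]+)"?\s*\{([^{}]*)\}', text)}
    def reaches_any(items, seen=()):  # follows named ACLs down to `any`
        return any(i == "any" or (i in acls and i not in seen and
                   reaches_any(acls[i], seen + (i,))) for i in items)
    # The lookarounds keep allow-recursion-on from matching allow-recursion.
    return sorted({opt for opt in RECURSION_OPTS for m in re.finditer(
        rf"(?<![\w-]){opt}(?![\w-])\s*\{{([^{{}}]*)\}}", text)
        if reaches_any(elements(m.group(1)))})

# The options from this page (constructed file, "..." lines left out).
PAGE_CONF = """
options {
    allow-recursion { any; };
    allow-query { any; };
    allow-query-cache { any; };
};
"""

# Constructed ACL variant: recursion and cache limited to listed clients.
ACL_CONF = """
acl "trusted" { 127.0.0.1; 192.0.2.0/24; };
options {
    allow-recursion { trusted; };
    allow-query-cache { trusted; };
    allow-query { any; };  // authoritative zones still answer everyone
};
"""

if __name__ == "__main__":
    print({n: open_recursion(c) for n, c in (("page", PAGE_CONF), ("acl", ACL_CONF))})
```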

I found a detailed explanation of why the BIND/named DNS server changed its behavior; on the next page is a copy of the support bulletin from July 2007: