Comment 1 for bug 1423813

Specifically, the /etc/contrail/dns/named.conf on the vDNS nodes has recursion set to "any"...this must be restricted!!!

options {
    directory "/etc/contrail/dns/";
    managed-keys-directory "/etc/contrail/dns/";
    empty-zones-enable no;
    pid-file "/etc/contrail/dns/named.pid";
    listen-on port 53 { any; };
    allow-query { any; };
    allow-recursion { any; };
    allow-query-cache { any; };
};