Re: [fbsd] named recursive queries

From: Doug Barton <dougb_at_FreeBSD.org>
Date: Mon, 17 Jul 2006 09:45:39 -0700
Jeremie Le Hen wrote:
> Hi Maxim,
> 
> On Thu, Jun 08, 2006 at 01:57:20AM +0400, Maxim Konovalov wrote:
>> [ Bikeshed zone ]
>>
>> I think we need to stop spread misconfigured named's too.  Any
>> objections?
>>
>> Index: named.conf
>> ===================================================================
>> RCS file: /home/ncvs/src/etc/namedb/named.conf,v
>> retrieving revision 1.22
>> diff -u -p -r1.22 named.conf
>> --- named.conf	5 Sep 2005 13:42:22 -0000	1.22
>> +++ named.conf	7 Jun 2006 21:56:26 -0000
>> _at__at_ -30,6 +30,13 _at__at_ options {
>>  //
>>  //      forward only;
>>
>> +// Prevent external networks from using us to query domains we are not
>> +// authoritative for.
>> +//
>> +	allow-recursion {
>> +		localhost;
>> +	};
>> +
>>  // If you've got a DNS server around at your upstream provider, enter
>>  // its IP address here, and enable the line below.  This will make you
>>  // benefit from its cache, thus reduce overall DNS traffic in the Internet.
> 
> Albeit this has been widely agreed, 

It has not been widely agreed. I've explained at least 3 times now:

1. This change is not necessary at the moment because the default named.conf
already has a listen-on statement that lists only the loopback address.

2. What you're suggesting does not always work the way people think it
should, and therefore I want to wait before adding it until some other work
that I have in progress is complete.

Doug

-- 

    This .signature sanitized for your protection
Received on Mon Jul 17 2006 - 14:45:36 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:58 UTC