Jeremie Le Hen wrote:
> Hi Maxim,
>
> On Thu, Jun 08, 2006 at 01:57:20AM +0400, Maxim Konovalov wrote:
>> [ Bikeshed zone ]
>>
>> I think we need to stop spread misconfigured named's too. Any
>> objections?
>>
>> Index: named.conf >> =================================================================== >> RCS file: /home/ncvs/src/etc/namedb/named.conf,v >> retrieving revision 1.22 >> diff -u -p -r1.22 named.conf >> --- named.conf 5 Sep 2005 13:42:22 -0000 1.22 >> +++ named.conf 7 Jun 2006 21:56:26 -0000 >> _at__at_ -30,6 +30,13 _at__at_ options { >> // >> // forward only; >> >> +// Prevent external networks from using us to query domains we are not >> +// authoritative for. >> +// >> + allow-recursion { >> + localhost; >> + }; >> + >> // If you've got a DNS server around at your upstream provider, enter >> // its IP address here, and enable the line below. This will make you >> // benefit from its cache, thus reduce overall DNS traffic in the Internet.
>
> Albeit this has been widely agreed,

It has not been widely agreed. I've explained at least 3 times now:

1. This change is not necessary at the moment because the default named.conf already has a listen-on statement that lists only the loopback address.
2. What you're suggesting does not always work the way people think it should, and therefore I want to wait before adding it until some other work that I have in progress is complete.

Doug

--
This .signature sanitized for your protection

Received on Mon Jul 17 2006 - 14:45:36 UTC
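Review bot: in the added `allow-recursion { localhost; };` block, the built-in `localhost` ACL matches only the server's own addresses, so the comment above it ("Prevent external networks from using us ...") understates the effect: hosts on directly attached networks are refused recursion as well. The comment should say so and tell administrators who serve a LAN to add `localnets` or an explicit address list. It should also state how the setting relates to `listen-on`. The reply in this thread points out that the default named.conf already listens only on the loopback address, so the new statement changes behaviour only after someone widens `listen-on`, and that is the case the comment needs to describe.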