named recursive queries

From: Maxim Konovalov <maxim_at_macomnet.ru>
Date: Thu, 8 Jun 2006 01:57:20 +0400 (MSD)
[ Bikeshed zone ]

I think we need to stop spread misconfigured named's too.  Any
objections?

Index: named.conf
===================================================================
RCS file: /home/ncvs/src/etc/namedb/named.conf,v
retrieving revision 1.22
diff -u -p -r1.22 named.conf
--- named.conf	5 Sep 2005 13:42:22 -0000	1.22
+++ named.conf	7 Jun 2006 21:56:26 -0000
_at__at_ -30,6 +30,13 _at__at_ options {
 //
 //      forward only;

+// Prevent external networks from using us to query domains we are not
+// authoritative for.
+//
+	allow-recursion {
+		localhost;
+	};
+
 // If you've got a DNS server around at your upstream provider, enter
 // its IP address here, and enable the line below.  This will make you
 // benefit from its cache, thus reduce overall DNS traffic in the Internet.

-- 
Maxim Konovalov

---------- Forwarded message ----------
Date: Wed, 17 May 2006 07:25:47 -0700 (PDT)
From: Sascha Wildner <swildner_at_crater.dragonflybsd.org>
To: commits_at_crater.dragonflybsd.org
Subject: cvs commit: src/etc/namedb named.conf

swildner    2006/05/17 07:25:47 PDT

DragonFly src repository

  Modified files:
    etc/namedb           named.conf
  Log:
  Per default, restrict recursive queries to 127.0.0.1.

  Submitted-by: Gary <gary_at_velocity-servers.net>
  OK-by:        corecode, joerg

  Revision  Changes    Path
  1.4       +9 -1      src/etc/namedb/named.conf


http://www.dragonflybsd.org/cvsweb/src/etc/namedb/named.conf.diff?r1=1.3&r2=1.4&f=u
Received on Wed Jun 07 2006 - 22:30:07 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:56 UTC