Maxim Konovalov wrote:
> [ Bikeshed zone ]
>
> I think we need to stop spreading misconfigured named's too. Any
> objections?

Yes. :) The default named.conf already has the following:

    listen-on { 127.0.0.1; };

Which is a more effective solution to the problem. (Although you're not the first person to suggest this, so don't feel bad.) :)

That said, BIND 9.4 is going to have a default for allow-recursion of "localhost; localnets;" which might be a good thing for us to make explicit now, so our users have a chance to get used to the idea.

Comments?

Doug

> Index: named.conf > =================================================================== > RCS file: /home/ncvs/src/etc/namedb/named.conf,v > retrieving revision 1.22 > diff -u -p -r1.22 named.conf > --- named.conf 5 Sep 2005 13:42:22 -0000 1.22 > +++ named.conf 7 Jun 2006 21:56:26 -0000 > _at__at_ -30,6 +30,13 _at__at_ options { > // > // forward only; > > +// Prevent external networks from using us to query domains we are not > +// authoritative for. > +// > + allow-recursion { > + localhost; > + }; > + > // If you've got a DNS server around at your upstream provider, enter > // its IP address here, and enable the line below. This will make you > // benefit from its cache, thus reduce overall DNS traffic in the Internet. >

--
This .signature sanitized for your protection

Received on Thu Jun 08 2006 - 05:15:59 UTC
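
Review bot: the added allow-recursion block lists only "localhost;", so once an administrator widens the default listen-on { 127.0.0.1; }; to serve a LAN, clients on the directly attached networks will be refused recursion, which goes further than the new comment ("Prevent external networks from using us ...") says. Consider "localhost; localnets;", matching the BIND 9.4 default mentioned in the reply, or reword the comment to say that only the server itself may recurse. The block is also added active while the neighbouring "// forward only;" example is commented out, so the comment should tell the admin which line to edit when adding their own networks.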