named recursive queries
Doug Barton
dougb at FreeBSD.org
Thu Jun 8 07:16:01 UTC 2006
Maxim Konovalov wrote:
> [ Bikeshed zone ]
>
> I think we need to stop spreading misconfigured named's too. Any
> objections?
Yes. :) The default named.conf already has the following:
listen-on { 127.0.0.1; };
Which is a more effective solution to the problem. (Although you're not the
first person to suggest this, so don't feel bad.) :)
That said, BIND 9.4 is going to have a default for allow-recursion of
"localhost; localnets;" which might be a good thing for us to make explicit
now, so our users have a chance to get used to the idea. Comments?
Doug
> Index: named.conf
> ===================================================================
> RCS file: /home/ncvs/src/etc/namedb/named.conf,v
> retrieving revision 1.22
> diff -u -p -r1.22 named.conf
> --- named.conf 5 Sep 2005 13:42:22 -0000 1.22
> +++ named.conf 7 Jun 2006 21:56:26 -0000
> @@ -30,6 +30,13 @@ options {
> //
> // forward only;
>
> +// Prevent external networks from using us to query domains we are not
> +// authoritative for.
> +//
> + allow-recursion {
> + localhost;
> + };
> +
> // If you've got a DNS server around at your upstream provider, enter
> // its IP address here, and enable the line below. This will make you
> // benefit from its cache, thus reduce overall DNS traffic in the Internet.
>
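Review bot: the allow-recursion block added to options lists only localhost, so a site that later widens listen-on beyond 127.0.0.1 to serve its LAN will see recursion refused for clients on its directly attached networks, and the new comment gives no hint why. Consider "localhost; localnets;", which is the BIND 9.4 default mentioned in the reply, and extend the comment to say that this ACL has to be reviewed whenever listen-on is changed.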
--
This .signature sanitized for your protection
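The interaction between listen-on and allow-recursion discussed in this message, as an added example that is not part of the original post or of FreeBSD's or BIND's code: a small audit of the options block of a named.conf. The function names and the sample configurations are constructed for illustration, and the check assumes recursion is enabled on a pre-9.4 BIND, where a missing allow-recursion places no ACL limit on recursion.

```python
import re

def strip_comments(text):
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)  # /* ... */
    return re.sub(r"(//|#).*", "", text)               # // and # to end of line

def options_body(text):
    """Body of the options { ... } statement, found by brace matching."""
    m = re.search(r"\boptions\s*\{", text)
    if not m:
        return ""
    depth = 1
    for i in range(m.end(), len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[m.end():i]
    return ""

def match_list(body, name):
    """Elements of `name [port N] { a; b; };`, or None when the option is absent."""
    pat = r"(?<![\w-])" + re.escape(name) + r"\s*(?:port\s+\d+\s*)?\{([^{}]*)\}"
    m = re.search(pat, body)
    return None if m is None else [e.strip() for e in m.group(1).split(";") if e.strip()]

def audit(conf_text):
    body = options_body(strip_comments(conf_text))
    listen = match_list(body, "listen-on")
    recurse = match_list(body, "allow-recursion")
    loopback_only = listen is not None and set(listen) <= {"127.0.0.1"}
    unrestricted = recurse is None or "any" in recurse
    findings = []
    if listen is None:
        findings.append("listen-on absent: named binds every interface")
    if recurse is None:
        findings.append("allow-recursion absent: recursion is not limited by ACL")
    if not loopback_only and unrestricted:
        findings.append("OPEN RESOLVER: recursion offered to non-local clients")
    return findings

# Constructed samples (192.0.2.53 is a documentation address).
STOCK = "options {\n  listen-on { 127.0.0.1; };\n};\n"
WIDENED = "options {\n  // listen-on { 127.0.0.1; };\n};\n"
EXPLICIT = ("options {\n  listen-on { 192.0.2.53; };\n"
            "  allow-recursion { localhost; localnets; };\n};\n")

if __name__ == "__main__":
    for label, conf in (("stock", STOCK), ("widened", WIDENED), ("explicit", EXPLICIT)):
        print(label, audit(conf))
```

The stock sample is protected only by its listen-on line; commenting that line out, as in the widened sample, is what turns the missing ACL into an open resolver.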
More information about the freebsd-current mailing list