Date: Wed, 3 Apr 2013 12:10:01 GMT From: Maxim Konovalov <maxim.konovalov@gmail.com> To: freebsd-bugs@FreeBSD.org Subject: Re: conf/177607: named.conf comment to slave root suggests potentially dangerous BIND configuration Message-ID: <201304031210.r33CA1QR059996@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR conf/177607; it has been noted by GNATS.
From: Maxim Konovalov <maxim.konovalov@gmail.com>
To: Mark Knight <markk@lnigma.org>
Cc: bug-followup@freebsd.org
Subject: Re: conf/177607: named.conf comment to slave root suggests potentially
dangerous BIND configuration
Date: Wed, 3 Apr 2013 16:03:04 +0400 (MSK)
Hello,
[...]
> >Description:
>
> The comment in the default named.conf encourages users to slave the root but does not provide
> an example configuration that prevent a name server being used as an amplifier in DDOS attacks.
> Users who adopt this configuration by uncommenting the supplied entries are likely to receive
> abuse reports or be unwitting participants in a DDOS attack.
> >How-To-Repeat:
> Uncomment zone "." entry and then run dig -t ns @x.x.x.x . from the Internet.
With the "listen-on { 127.0.0.1; };" at the line 22 it won't hurt
anybody. If you are going to change this setting than you have more
work to secure your named server.
--
Maxim Konovalov
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201304031210.r33CA1QR059996>