From: Doug Barton <dougb@FreeBSD.org>
Organization: http://www.FreeBSD.org/
Date: Mon, 17 Jul 2006 09:45:39 -0700
To: Jeremie Le Hen
Cc: current@freebsd.org
Subject: Re: [fbsd] named recursive queries
Message-ID: <44BBBEB3.3090900@FreeBSD.org>
In-Reply-To: <20060717113130.GD6253@obiwan.tataz.chchile.org>
References: <20060608015022.Y52876@mp2.macomnet.net> <20060717113130.GD6253@obiwan.tataz.chchile.org>

Jeremie Le Hen wrote:
> Hi Maxim,
>
> On Thu, Jun 08, 2006 at 01:57:20AM +0400, Maxim Konovalov wrote:
>> [ Bikeshed zone ]
>>
>> I think we need to stop spreading misconfigured named's too. Any
>> objections?
>>
>> Index: named.conf
>> ===================================================================
>> RCS file: /home/ncvs/src/etc/namedb/named.conf,v
>> retrieving revision 1.22
>> diff -u -p -r1.22 named.conf
>> --- named.conf 5 Sep 2005 13:42:22 -0000 1.22
>> +++ named.conf 7 Jun 2006 21:56:26 -0000
>> @@ -30,6 +30,13 @@ options {
>> //
>> // forward only;
>>
>> +// Prevent external networks from using us to query domains we are not
>> +// authoritative for.
>> +//
>> + allow-recursion {
>> + localhost;
>> + };
>> +
>> // If you've got a DNS server around at your upstream provider, enter
>> // its IP address here, and enable the line below. This will make you
>> // benefit from its cache, thus reduce overall DNS traffic in the Internet.
>
> Albeit this has been widely agreed,

It has not been widely agreed. I've explained at least 3 times now:

1. This change is not necessary at the moment because the default
named.conf already has a listen-on statement that lists only the
loopback address.

2. What you're suggesting does not always work the way people think it
should, and therefore I want to wait before adding it until some other
work that I have in progress is complete.

Doug

-- 
This .signature sanitized for your protection
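Review bot: The comment added above `allow-recursion` in the `@@ -30,6 +30,13 @@` hunk describes a stronger control than the directive provides, and the `localhost`-only ACL has no documented escape hatch. `allow-recursion` decides which clients are given recursive service; it does not stop anyone from sending queries, and a client outside the list is still answered for zones the server is authoritative for (it is told REFUSED only for names that would need recursion). So "Prevent external networks from using us to query domains we are not authoritative for" should read along the lines of "Only answer recursive queries from localhost". More importantly, the hunk hard-codes `localhost;` while the surrounding comments (`// forward only;`, the forwarders text below) are written for an administrator who will edit the file: anyone who later widens `listen-on` beyond the loopback address to serve a LAN will find every LAN client's recursive query refused until this list is extended too. Either add a line to the comment saying that local networks must be added here when `listen-on` is opened up, or ship the block commented out like `// forward only;` so it documents the option without silently changing behaviour for people who already run a LAN resolver from this template. Since the reply points out that the shipped default `listen-on` already restricts the server to the loopback address, the ACL adds nothing for the default case and only bites in the edited one.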
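The thread turns on how two separate named.conf controls interact: `listen-on` (which addresses named binds, the control Doug relies on) and `allow-recursion` (which clients may have recursive service, the control the patch adds). The following Python lint is an added example, not code from this thread nor FreeBSD's or ISC BIND's own tooling. It parses only the subset of named.conf syntax used in its constructed samples (an `options { }` block, address-match lists, `//`, `#` and `/* */` comments) and classifies a configuration as open, restricted or closed for recursion. It assumes, as BIND does by default, that a missing `listen-on` means every IPv4 interface and that a missing `listen-on-v6` means `none` (the BIND 9 default). The sample configurations are constructed for the example and only modelled on the shipped default's loopback `listen-on` and the patch's `localhost` ACL.

```python
"""Lint a BIND named.conf for open recursion.

Added example for this thread; not FreeBSD's or ISC's code. Handles only
the subset of named.conf syntax used in the constructed samples below:
an options { } block, address-match lists, and //, # and /* */ comments.
Assumptions: a missing listen-on means "all IPv4 interfaces" (BIND's
default) and a missing listen-on-v6 means "none" (the BIND 9 default).
"""
import re

LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def strip_comments(text):
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)


def options_body(text):
    """Text between the braces of `options { ... }`, or '' when absent."""
    m = re.search(r"\boptions\s*\{", text)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(text) and depth:
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        i += 1
    return text[m.end():i - 1]


def match_list(body, name):
    """Elements of `name [port N] { a; b; };`, or None when not configured."""
    m = re.search(r"\b%s(?:\s+port\s+\d+)?\s*\{([^}]*)\}" % re.escape(name), body)
    if not m:
        return None
    return [e.strip() for e in m.group(1).split(";") if e.strip()]


def loopback_only(listen_v4, listen_v6):
    """True when every listening address is a loopback address."""
    if listen_v4 is None:            # default: every IPv4 interface
        return False
    v6 = listen_v6 if listen_v6 is not None else ["none"]
    return (all(e in LOOPBACK for e in listen_v4)
            and all(e in LOOPBACK or e == "none" for e in v6))


def assess(conf):
    """Return (verdict, detail); verdict is "closed", "restricted" or "open"."""
    body = options_body(strip_comments(conf))
    rec = re.search(r"\brecursion\s+(yes|no)\s*;", body)
    if rec and rec.group(1) == "no":
        return "closed", "recursion no"
    v4, v6 = match_list(body, "listen-on"), match_list(body, "listen-on-v6")
    if loopback_only(v4, v6):
        return "closed", "listen-on restricted to loopback"
    allow = match_list(body, "allow-recursion")
    if allow == ["none"]:
        return "closed", "allow-recursion none"
    if allow is None or "any" in allow:
        listen = (v4 if v4 is not None else ["any"]) + (v6 or [])
        return "open", ("reachable on %s with no restricting allow-recursion ACL"
                        % ", ".join(listen))
    return "restricted", "recursion only for " + ", ".join(allow)


# Constructed samples modelled on the thread (not the real FreeBSD file).
DEFAULT_CONF = """
options {
    directory "/etc/namedb";
    listen-on { 127.0.0.1; };
    // forward only;
};
"""
# The same file after an administrator adds a LAN address to listen-on.
LAN_OPEN_CONF = DEFAULT_CONF.replace("127.0.0.1;", "127.0.0.1; 192.0.2.53;")
# ... and with the ACL from the proposed patch added.
LAN_PATCHED_CONF = LAN_OPEN_CONF.replace(
    "// forward only;", "// forward only;\n    allow-recursion { localhost; };")

if __name__ == "__main__":
    for label, conf in (("shipped default", DEFAULT_CONF),
                        ("LAN, no ACL", LAN_OPEN_CONF),
                        ("LAN, patched", LAN_PATCHED_CONF)):
        print("%-16s %s: %s" % (label, *assess(conf)))
```

Run against the three samples, the lint reports the shipped default as closed purely because of `listen-on`, which is the first point made in the reply; the same file with a LAN address added to `listen-on` and no ACL as open; and the LAN file plus the patch's `allow-recursion { localhost; };` as restricted to localhost, which closes the hole but also refuses recursion to the very LAN clients the wider `listen-on` was meant to serve. That is the trap for an administrator editing the template: opening `listen-on` and extending `allow-recursion` have to happen together.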