From owner-freebsd-bugs@FreeBSD.ORG Wed Apr 3 12:10:01 2013
Delivered-To: freebsd-bugs@smarthost.ysv.freebsd.org
Date: Wed, 3 Apr 2013 12:10:01 GMT
Message-Id: <201304031210.r33CA1QR059996@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: Maxim Konovalov
Reply-To: Maxim Konovalov
Subject: Re: conf/177607: named.conf comment to slave root suggests potentially dangerous BIND configuration
List-Id: Bug reports

The following reply was made to PR conf/177607; it has been noted by GNATS.

From: Maxim Konovalov
To: Mark Knight
Cc: bug-followup@freebsd.org
Subject: Re: conf/177607: named.conf comment to slave root suggests potentially dangerous BIND configuration
Date: Wed, 3 Apr 2013 16:03:04 +0400 (MSK)

Hello,

[...]

> >Description:
> The comment in the default named.conf encourages users to slave the root but does not provide
> an example configuration that prevents a name server being used as an amplifier in DDOS attacks.
> Users who adopt this configuration by uncommenting the supplied entries are likely to receive
> abuse reports or be unwitting participants in a DDOS attack.
> >How-To-Repeat:
> Uncomment zone "." entry and then run dig -t ns @x.x.x.x . from the Internet.

With the "listen-on { 127.0.0.1; };" at the line 22 it won't hurt anybody. If you are going to change this setting then you have more work to secure your named server.

-- 
Maxim Konovalov
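A check for the condition the PR and the reply are discussing: a slaved root zone in a named.conf whose listener is no longer loopback-only. This is an added example, not code from the PR or from FreeBSD's named.conf; the sample configs are constructed, 192.0.2.1 is a placeholder master, and the regex-based parsing assumes the flat layout of the default file rather than full named.conf syntax.

```python
import re

LOOPBACK = {"127.0.0.1", "::1"}

# Constructed sample configs (not FreeBSD's file); 192.0.2.1 is a placeholder master.
LOOPBACK_CONF = """
options { directory "/etc/namedb/working"; listen-on { 127.0.0.1; }; };
zone "." { type slave; file "slave/root.slave"; masters { 192.0.2.1; }; notify no; };
"""
EXPOSED_CONF = LOOPBACK_CONF.replace("listen-on { 127.0.0.1; };", "listen-on { any; };")
HINT_CONF = 'options { listen-on { any; }; };\nzone "." { type hint; file "named.root"; };\n'


def _strip_comments(text):
    """Remove /* */, // and # comments so a commented-out zone "." is not matched."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)


def _block_after(text, header_re):
    """Return the body of the balanced { ... } that follows header_re, or None."""
    m = re.search(header_re, text, flags=re.S)
    if not m:
        return None
    start, depth = m.end() - 1, 0        # m.end() - 1 is the opening brace
    for i in range(start, len(text)):
        depth += text[i] == "{"
        depth -= text[i] == "}"
        if depth == 0:
            return text[start + 1:i]
    return None


def _addr_list(body, option):
    """Addresses of `option [port N] { a; b; };` in body, or None when absent."""
    m = re.search(rf"\b{option}\s*(?:port\s+\d+\s*)?\{{([^}}]*)\}}\s*;", body)
    return None if m is None else [v.strip() for v in m.group(1).split(";") if v.strip()]


def slaved_root_findings(conf):
    """Explain why a slaved "." is reachable beyond loopback; [] means nothing to flag."""
    conf = _strip_comments(conf)
    zone = _block_after(conf, r'zone\s+"\."\s*(?:IN\s+)?\{')
    if zone is None or not re.search(r"\btype\s+slave\s*;", zone):
        return []                            # root is hinted, not slaved: out of scope
    options = _block_after(conf, r"\boptions\s*\{") or ""
    findings = []
    for opt in ("listen-on", "listen-on-v6"):
        addrs = _addr_list(options, opt)
        if addrs is None and opt == "listen-on":
            findings.append("listen-on unset: BIND defaults to every IPv4 interface")
        elif addrs and not set(addrs) <= LOOPBACK:
            findings.append(f"{opt} {{ {'; '.join(addrs)}; }} reaches beyond loopback")
    if findings and _addr_list(options, "allow-query") is None:
        findings.append("no allow-query: any host reaching the listener can query the slaved root")
    return findings
```

The default file's loopback listener produces no findings; widening listen-on without also restricting allow-query (or equivalent access control) is what the check flags as the remaining work.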