From owner-freebsd-current@FreeBSD.ORG  Thu Jun  8 00:30:07 2006
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
X-Original-To: current@freebsd.org
Delivered-To: freebsd-current@FreeBSD.ORG
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 2AA1516E8B2;
	Wed,  7 Jun 2006 21:57:23 +0000 (UTC)
	(envelope-from maxim@macomnet.ru)
Received: from mp2.macomnet.net (mp2.macomnet.net [195.128.64.6])
	by mx1.FreeBSD.org (Postfix) with ESMTP id E0BD643D46;
	Wed,  7 Jun 2006 21:57:21 +0000 (GMT)
	(envelope-from maxim@macomnet.ru)
Received: from localhost (localhost [127.0.0.1])
	by mp2.macomnet.net (8.13.4/8.13.3) with ESMTP id k57LvKLR054417;
	Thu, 8 Jun 2006 01:57:20 +0400 (MSD)
	(envelope-from maxim@macomnet.ru)
Date: Thu, 8 Jun 2006 01:57:20 +0400 (MSD)
From: Maxim Konovalov <maxim@macomnet.ru>
To: current@freebsd.org
Message-ID: <20060608015022.Y52876@mp2.macomnet.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Cc: dougb@freebsd.org
Subject: named recursive queries
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Jun 2006 00:30:08 -0000

[ Bikeshed zone ]

I think we need to stop spread misconfigured named's too.  Any
objections?

Index: named.conf
===================================================================
RCS file: /home/ncvs/src/etc/namedb/named.conf,v
retrieving revision 1.22
diff -u -p -r1.22 named.conf
--- named.conf	5 Sep 2005 13:42:22 -0000	1.22
+++ named.conf	7 Jun 2006 21:56:26 -0000
@@ -30,6 +30,13 @@ options {
 //
 //      forward only;

+// Prevent external networks from using us to query domains we are not
+// authoritative for.
+//
+	allow-recursion {
+		localhost;
+	};
+
 // If you've got a DNS server around at your upstream provider, enter
 // its IP address here, and enable the line below.  This will make you
 // benefit from its cache, thus reduce overall DNS traffic in the Internet.

-- 
Maxim Konovalov

---------- Forwarded message ----------
Date: Wed, 17 May 2006 07:25:47 -0700 (PDT)
From: Sascha Wildner <swildner@crater.dragonflybsd.org>
To: commits@crater.dragonflybsd.org
Subject: cvs commit: src/etc/namedb named.conf

swildner    2006/05/17 07:25:47 PDT

DragonFly src repository

  Modified files:
    etc/namedb           named.conf
  Log:
  Per default, restrict recursive queries to 127.0.0.1.

  Submitted-by: Gary <gary@velocity-servers.net>
  OK-by:        corecode, joerg

  Revision  Changes    Path
  1.4       +9 -1      src/etc/namedb/named.conf


http://www.dragonflybsd.org/cvsweb/src/etc/namedb/named.conf.diff?r1=1.3&r2=1.4&f=u