Date: Wed, 16 Jul 2008 13:57:05 -0700
From: Jeremy Chadwick <koitsu@FreeBSD.org>
To: Eugene Grosbein <eugen@kuzbass.ru>
Cc: stable@freebsd.org
Subject: Re: named.conf: query-source address
Message-ID: <20080716205705.GA25198@eos.sc1.parodius.com>
In-Reply-To: <20080716162042.GA27666@svzserv.kemerovo.su>
References: <20080716162042.GA27666@svzserv.kemerovo.su>

On Thu, Jul 17, 2008 at 12:20:42AM +0800, Eugene Grosbein wrote:
> I fully understand and second efforts on educating people
> how to configure BIND to be strong to attacks and keep them from using
> "query-source address" with "port" option but how about
> binding named to particular IP address when host has many of them?

We do such on our authoritative nameservers.  The options we use:

        listen-on { 127.0.0.1; 72.20.106.4; };
        query-source address 72.20.106.4;
        transfer-source 72.20.106.4;
        notify-source 72.20.106.4;
        interface-interval 0;
        use-alt-transfer-source no;

-- 
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |
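
An added example, not part of the original message or of BIND: a small check that scans named.conf text for "query-source" statements that pin the outgoing port (which turns off source-port randomization), while accepting the address-only form used in the reply above. The function name and the WEAK sample are constructed for illustration.

```python
import re

# Constructed samples. GOOD repeats options from the message above;
# WEAK adds a fixed-port line purely for contrast.
GOOD = """
options {
    listen-on { 127.0.0.1; 72.20.106.4; };
    query-source address 72.20.106.4;   // address only, port stays random
    transfer-source 72.20.106.4;
    notify-source 72.20.106.4;
};
"""
WEAK = """
options {
    # query-source address 72.20.106.4 port 5353;  (commented out, ignored)
    query-source address 72.20.106.4 port 53;
    query-source-v6 address * port *;
};
"""

# named.conf accepts C, C++ and shell style comments.
COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)
STATEMENT = re.compile(r"\b(query-source(?:-v6)?)\s+([^;{}]*);")
PORT = re.compile(r"\bport\s+(\S+)")

def fixed_port_query_sources(conf_text):
    """Return (statement, port) pairs that pin the outgoing query port."""
    findings = []
    text = COMMENTS.sub(" ", conf_text)
    for keyword, args in STATEMENT.findall(text):
        m = PORT.search(args)
        # "port *" leaves the choice to named, so only literal ports count.
        if m and m.group(1) != "*":
            stmt = f"{keyword} {' '.join(args.split())};"
            findings.append((stmt, m.group(1)))
    return findings

if __name__ == "__main__":
    for name, conf in (("GOOD", GOOD), ("WEAK", WEAK)):
        hits = fixed_port_query_sources(conf)
        print(name, "OK" if not hits else hits)
```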