Date:      Sat, 29 Jan 2000 09:44:53 -0800 (PST)
From:      Samara McCord <mccord@zytek.com>
To:        phk@critter.freebsd.dk, sthaug@nethelp.no
Cc:        fbsd-security@ursine.com, freebsd-security@FreeBSD.ORG
Subject:   Re: Continual DNS requests from mysterious IP
Message-ID:  <200001291744.JAA36290@floozy.zytek.com>
In-Reply-To: <99753.949164993@verdi.nethelp.no>

>> Tell named to only recurse for your own IP range (takes code hacking).
>
>Not really. "allow-recursion" is your friend.
>
>options {
>	allow-recursion {
>		localnets;
>		x.y.z/24;	// Other addresses allowed
>	};
>};
>
>Requires BIND 8.2.1 or newer.
>

Thanks, this was helpful.  Also, I've found that you can emulate this
behavior on BIND 8.2 (which doesn't have allow-recursion) by the following:

options {
	allow-query { localnets; };	// default: only local networks may query
};
zone "xxx.com" {
	type master;
	...
	allow-query { any; };		// override: anyone may query this zone
	...
};

This says that for queries within the authoritative zone, allow
anything, but for all other queries, only allow specific IPs.

Sam
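
A simplified model of the decision the configuration above describes, added here as an example; it is not part of the original message and is not BIND's own code. The network 192.0.2.0/24 standing in for "localnets" and the zone name "example.com" standing in for the master zone are assumptions, as are all function names.

```python
import ipaddress

# Constructed sample policy with the same shape as the config above.
# 192.0.2.0/24 stands in for "localnets" and "example.com" for the
# master zone; both are assumptions made for illustration.
GLOBAL_ALLOW_QUERY = [ipaddress.ip_network("192.0.2.0/24")]
ANY = [ipaddress.ip_network("0.0.0.0/0")]
ZONE_ALLOW_QUERY = {"example.com": ANY}


def labels(name):
    """Split a domain name into lowercase labels, ignoring a trailing dot."""
    return [part for part in name.lower().rstrip(".").split(".") if part]


def enclosing_zone(qname, zones):
    """Return the configured zone that most closely encloses qname, or None.

    Matching is done label by label, so "notexample.com" is not treated
    as part of "example.com" the way a plain string-suffix test would.
    """
    q = labels(qname)
    best = None
    for zone in zones:
        z = labels(zone)
        if len(z) <= len(q) and q[len(q) - len(z):] == z:
            if best is None or len(z) > len(labels(best)):
                best = zone
    return best


def query_allowed(client_ip, qname):
    """A zone's allow-query overrides the global one; otherwise global applies."""
    zone = enclosing_zone(qname, ZONE_ALLOW_QUERY)
    acl = ZONE_ALLOW_QUERY[zone] if zone else GLOBAL_ALLOW_QUERY
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in acl)


if __name__ == "__main__":
    # Constructed (client, name) pairs: outside and inside client addresses.
    for ip, name in [("203.0.113.9", "www.example.com."),
                     ("203.0.113.9", "www.example.org."),
                     ("203.0.113.9", "notexample.com."),
                     ("192.0.2.10", "www.example.org.")]:
        print(ip, name, "answer" if query_allowed(ip, name) else "refuse")
```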

