Date: Sun, 30 Jan 2000 17:24:00 -0800 (PST)
From: Roger Marquis
To: security@FreeBSD.ORG
Subject: Re: Continual DNS requests from mysterious IP

Steinar Haug wrote:
>"allow-recursion" is your friend.
>
>options {
>	allow-recursion {
>		localnets;
>		x.y.z/24;	// Other addresses allowed
>	};
>};
>
>Requires BIND 8.2.1 or newer.

Thanks for the example Steinar.  You'd think no recursion would be
the default.  It probably will be at some point, however if sendmail
is any example, recursion abuse will become widespread first.

One caveat, if you install bind822-P5 from the ports it will foolishly
put everything under /usr/local.  This will have no effect unless
you manually edit the /etc/{default}/rc.conf and define the new
location.  A better solution is to:

	cd /usr/ports/net/bind8
	rm patches/patch-aa patches/patch-ab

before running `make`, `make install`, and `ndc restart`.

-- 
Roger Marquis
Roble Systems Consulting
http://www.roble.com/
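An added example, not part of the original message or of BIND: a small audit script that reads a named.conf and reports whether recursion is closed, restricted by an allow-recursion list as in the quoted snippet, or left open. The function names and sample configs are constructed for illustration, and the script assumes, as the message implies, that a server with no allow-recursion list recurses for anyone.

```python
import re

# Quoted strings are matched first so that "//" or "#" inside them survives.
_SKIP = re.compile(r'"[^"\n]*"|/\*.*?\*/|(?://|#)[^\n]*', re.S)

def strip_comments(text):
    """Drop the /* */, // and # comments that named.conf permits."""
    return _SKIP.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else " ", text)

def block_body(text, keyword):
    """Return the text inside the first `keyword { ... }`, or None if absent."""
    m = re.search(r"(?<![\w-])" + re.escape(keyword) + r"\s*\{", text)
    if not m:
        return None
    depth = 1
    for i in range(m.end(), len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[m.end():i]
    return None  # unbalanced braces: treat as absent

def audit_recursion(conf_text):
    """Classify a named.conf as ("closed" | "restricted" | "open", acl_entries)."""
    opts = block_body(strip_comments(conf_text), "options") or ""
    if re.search(r"(?<![\w-])recursion\s+no\s*;", opts):
        return ("closed", [])
    acl = block_body(opts, "allow-recursion")
    if acl is None:
        return ("open", [])  # assumed default: no ACL means anyone may recurse
    entries = [e.strip() for e in acl.split(";") if e.strip()]
    return ("open" if "any" in entries else "restricted", entries)

# Constructed sample configs (192.0.2.0/24 is a documentation range).
RESTRICTED = """
options {
    directory "/etc/namedb";
    allow-recursion {
        localnets;
        192.0.2.0/24;   // Other addresses allowed
    };
};
"""
COMMENTED_OUT = """
options {
    directory "/etc/namedb";   /* ACL below is disabled,
    so recursion stays open */
    # allow-recursion { localnets; };
};
"""

if __name__ == "__main__":
    for name, conf in (("restricted", RESTRICTED), ("commented-out", COMMENTED_OUT)):
        print(name, audit_recursion(conf))
```

The commented-out sample is the case a plain grep for "allow-recursion" gets wrong: the string is present in the file but the server still recurses for everyone.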