Date: Sun, 30 Jan 2000 17:24:00 -0800 (PST) From: Roger Marquis <marquis@roble.com> To: security@FreeBSD.ORG Subject: Re: Continual DNS requests from mysterious IP Message-ID: <Pine.GSO.3.96.1000130171041.4863B-100000@roble2.roble.com>
next in thread | raw e-mail | index | archive | help
Steinar Haug <sthaug@nethelp.no> wrote:
>"allow-recursion" is your friend.
>
>options {
> allow-recursion {
> localnets;
> x.y.z/24; // Other addresses allowed
> };
>};
>
>Requires BIND 8.2.1 or newer.
Thanks for the example Steinar.
You'd think no recursion would be the default. It probably will be at
some point, however if sendmail is any example, recursion abuse will
become widespread first.
One caveat, if you install bind822-P5 from the ports it will foolishly
put everything under /usr/local. This will have no effect unless you
manually edit the /etc/{default}/rc.conf and define the new location.
A better solution is to:
cd /usr/ports/net/bind8
rm patches/patch-aa patches/patch-ab
before running `make`, `make install`, and `ndc restart`.
--
Roger Marquis
Roble Systems Consulting
http://www.roble.com/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GSO.3.96.1000130171041.4863B-100000>