Date: Mon, 17 Jul 2006 13:31:30 +0200
From: Jeremie Le Hen
To: Maxim Konovalov
Cc: dougb@freebsd.org, current@freebsd.org
Subject: Re: [fbsd] named recursive queries
Message-ID: <20060717113130.GD6253@obiwan.tataz.chchile.org>
In-Reply-To: <20060608015022.Y52876@mp2.macomnet.net>

Hi Maxim,

On Thu, Jun 08, 2006 at 01:57:20AM +0400, Maxim Konovalov wrote:
> [ Bikeshed zone ]
>
> I think we need to stop spreading misconfigured named's too. Any
> objections?
>
> Index: named.conf > =================================================================== > RCS file: /home/ncvs/src/etc/namedb/named.conf,v > retrieving revision 1.22 > diff -u -p -r1.22 named.conf > --- named.conf 5 Sep 2005 13:42:22 -0000 1.22 > +++ named.conf 7 Jun 2006 21:56:26 -0000 > @@ -30,6 +30,13 @@ options { > // > // forward only; > > +// Prevent external networks from using us to query domains we are not > +// authoritative for. > +// > + allow-recursion { > + localhost; > + }; > + > // If you've got a DNS server around at your upstream provider, enter > // its IP address here, and enable the line below. This will make you > // benefit from its cache, thus reduce overall DNS traffic in the Internet.

Albeit this has been widely agreed, this has not been committed yet.
Does any reason explain this, or did you just forget it?

Regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >
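
Review bot: The new comment above `allow-recursion` says the block keeps "external networks" out, but the ACL it installs, `localhost;`, is narrower than that: it matches only the server's own addresses, so hosts on the local network are refused recursion as well. Either reword the comment to say that only the local machine may recurse, or add a commented-out entry such as `// localnets;` inside the block so that an administrator running this as a resolver for a LAN sees what to enable. It would also help to state in the comment that queries for zones this server is authoritative for are not affected by this option.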