Date: Mon, 17 Jul 2006 15:34:24 +0400 (MSD)
From: Maxim Konovalov
To: Jeremie Le Hen
Cc: dougb@freebsd.org, current@freebsd.org
Subject: Re: [fbsd] named recursive queries

On Mon, 17 Jul 2006, 13:31+0200, Jeremie Le Hen wrote:

> Hi Maxim,
>
> On Thu, Jun 08, 2006 at 01:57:20AM +0400, Maxim Konovalov wrote:
> > [ Bikeshed zone ]
> >
> > I think we need to stop spreading misconfigured named's too. Any
> > objections?
> >
> > Index: named.conf
> > ===================================================================
> > RCS file: /home/ncvs/src/etc/namedb/named.conf,v
> > retrieving revision 1.22
> > diff -u -p -r1.22 named.conf
> > --- named.conf 5 Sep 2005 13:42:22 -0000 1.22
> > +++ named.conf 7 Jun 2006 21:56:26 -0000
> > @@ -30,6 +30,13 @@ options {
> > //
> > // forward only;
> >
> > +// Prevent external networks from using us to query domains we are not
> > +// authoritative for.
> > +//
> > + allow-recursion {
> > + localhost;
> > + };
> > +
> > // If you've got a DNS server around at your upstream provider, enter
> > // its IP address here, and enable the line below. This will make you
> > // benefit from its cache, thus reduce overall DNS traffic in the Internet.
>
> Albeit this has been widely agreed, this has not been committed yet.
> Does any reason explain this, or you just forgot it?

No, I don't forget -- Doug has some ideas.

-- 
Maxim Konovalov
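
Review bot: in the added allow-recursion block, the comment promises to keep out "external networks", but the ACL lists only localhost, which in BIND matches just this machine's own addresses, so clients on directly attached networks are refused recursion as well. Either word the comment to say that only this host may make recursive queries, or add a commented-out "localnets;" entry inside the braces so an administrator serving a LAN can see what to enable. The new comment lines would also read better if they followed the wording style of the neighbouring comments ("If you've got ..., enable the line below"), since this is a default file people edit by hand.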