Date: Sat, 29 Jan 2000 09:44:53 -0800 (PST)
From: Samara McCord <mccord@zytek.com>
To: phk@critter.freebsd.dk, sthaug@nethelp.no
Cc: fbsd-security@ursine.com, freebsd-security@FreeBSD.ORG
Subject: Re: Continual DNS requests from mysterious IP
Message-ID: <200001291744.JAA36290@floozy.zytek.com>
In-Reply-To: <99753.949164993@verdi.nethelp.no>

>> Tell named to only recurse for your own IP range (takes code hacking).
>
>Not really. "allow-recursion" is your friend.
>
>options {
>    allow-recursion {
>        localnets;
>        x.y.z/24; // Other addresses allowed
>    };
>};
>
>Requires BIND 8.2.1 or newer.
>
Thanks, this was helpful. Also, I've found that you can emulate this
behavior on BIND 8.2 (which doesn't have allow-recursion) by the following:
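
    options {
        // default for every query: only local networks may ask
        allow-query { localnets; };
    };
    zone "xxx.com" {
        type master;
        ...
        // override for the authoritative zone: anyone may ask
        allow-query { any; };
        ...
    };
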
This says that for queries within the authoritative zone, allow
anything, but for all other queries, only allow specific IPs.
Sam
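
The decision the configuration above produces, modelled as an added example (not part of the original message and not BIND code). The 192.0.2.0/24 range stands in for "localnets" and the client addresses are constructed; the zone name is the one used in the message.

```python
import ipaddress

# Constructed model of the named.conf in the message above.
LOCALNETS = [ipaddress.ip_network("192.0.2.0/24")]    # assumed value of "localnets"
GLOBAL_ALLOW_QUERY = LOCALNETS                        # options { allow-query { localnets; }; };
ZONES = {                                             # zone name -> per-zone allow-query
    "xxx.com": [ipaddress.ip_network("0.0.0.0/0")],   # allow-query { any; };
}


def _labels(name):
    """Split a DNS name into lower-case labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")


def find_zone(qname):
    """Return the most specific configured zone containing qname, or None.

    Matching is done on whole labels, so "notxxx.com" is not inside "xxx.com".
    """
    labels = _labels(qname)
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in ZONES:
            return candidate
    return None


def query_allowed(client_ip, qname):
    """Use the zone's allow-query for names in an authoritative zone,
    and the global allow-query for every other name."""
    addr = ipaddress.ip_address(client_ip)
    zone = find_zone(qname)
    acl = ZONES[zone] if zone is not None else GLOBAL_ALLOW_QUERY
    return any(addr in net for net in acl)


if __name__ == "__main__":
    for ip, name in [("192.0.2.10", "www.example.org"),
                     ("203.0.113.5", "www.example.org"),
                     ("203.0.113.5", "www.xxx.com"),
                     ("203.0.113.5", "notxxx.com")]:
        print(ip, name, "answered" if query_allowed(ip, name) else "refused")
```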
