Date:      Mon, 17 Jul 2006 09:45:39 -0700
From:      Doug Barton <dougb@FreeBSD.org>
To:        Jeremie Le Hen <jeremie@le-hen.org>
Cc:        current@freebsd.org
Subject:   Re: [fbsd] named recursive queries
Message-ID:  <44BBBEB3.3090900@FreeBSD.org>
In-Reply-To: <20060717113130.GD6253@obiwan.tataz.chchile.org>
References:  <20060608015022.Y52876@mp2.macomnet.net> <20060717113130.GD6253@obiwan.tataz.chchile.org>

Jeremie Le Hen wrote:
> Hi Maxim,
> 
> On Thu, Jun 08, 2006 at 01:57:20AM +0400, Maxim Konovalov wrote:
>> [ Bikeshed zone ]
>>
>> I think we need to stop spreading misconfigured named's too.  Any
>> objections?
>>
>> Index: named.conf
>> ===================================================================
>> RCS file: /home/ncvs/src/etc/namedb/named.conf,v
>> retrieving revision 1.22
>> diff -u -p -r1.22 named.conf
>> --- named.conf	5 Sep 2005 13:42:22 -0000	1.22
>> +++ named.conf	7 Jun 2006 21:56:26 -0000
>> @@ -30,6 +30,13 @@ options {
>>  //
>>  //      forward only;
>>
>> +// Prevent external networks from using us to query domains we are not
>> +// authoritative for.
>> +//
>> +	allow-recursion {
>> +		localhost;
>> +	};
>> +
>>  // If you've got a DNS server around at your upstream provider, enter
>>  // its IP address here, and enable the line below.  This will make you
>>  // benefit from its cache, thus reduce overall DNS traffic in the Internet.
> 
> Albeit this has been widely agreed, 

It has not been widely agreed. I've explained at least 3 times now:

1. This change is not necessary at the moment because the default named.conf
already has a listen-on statement that lists only the loopback address.

2. What you're suggesting does not always work the way people think it
should, and therefore I want to wait before adding it until some other work
that I have in progress is complete.

Doug

-- 

    This .signature sanitized for your protection
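
The first point in the reply above, that a loopback-only listen-on already keeps outside networks away from the resolver, can be checked mechanically. The sketch below is an added example, not part of the original message or of FreeBSD's tooling; the function names, verdict strings and sample configurations are constructed for illustration, and it covers IPv4 `listen-on` and flat (non-nested) address lists only.

```python
import re

def strip_comments(text):
    """Drop /* */, // and # comments (simplification: ignores quoted strings)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def acl_list(conf, statement):
    """Return the elements of `statement { a; b; };`, or None if it is absent."""
    # The lookarounds stop "listen-on" from matching "listen-on-v6".
    pat = r"(?<![\w-])" + re.escape(statement) + r"(?![\w-])[^{;]*\{([^}]*)\}"
    m = re.search(pat, conf)
    if m is None:
        return None
    return [e.strip() for e in m.group(1).split(";") if e.strip()]

def recursion_exposure(text):
    """Say which statement, if any, limits who can send recursive queries."""
    conf = strip_comments(text)
    listen = acl_list(conf, "listen-on")
    recurse = acl_list(conf, "allow-recursion")
    # named bound to 127.0.0.1 only: no other host can reach it over IPv4.
    if listen and set(listen) <= {"127.0.0.1"}:
        return "loopback-only"
    # Reachable from other hosts, but recursion is limited by an ACL.
    if recurse is not None and "any" not in recurse:
        return "recursion-restricted"
    # Reachable, and nothing in the file limits recursion.
    return "open"

# Constructed samples, not copies of the real FreeBSD named.conf.
DEFAULT = """options {
    directory "/etc/namedb";
    listen-on { 127.0.0.1; };
//  listen-on-v6 { ::1; };
};"""
EXPOSED = """options {
    directory "/etc/namedb";
//  listen-on { 127.0.0.1; };
};"""
PATCHED = """options {
    directory "/etc/namedb";
    /* listen-on removed so named answers on every interface */
    allow-recursion {
        localhost;
    };
};"""

if __name__ == "__main__":
    for name, conf in [("default", DEFAULT), ("exposed", EXPOSED), ("patched", PATCHED)]:
        print(name, "->", recursion_exposure(conf))
```
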


