Re: Hardening named.conf

To: Mark Ferlatte <ferlatte@cryptio.net>, Debian-security@lists.debian.org
Subject: Re: Hardening named.conf
From: Henrique de Moraes Holschuh <hmh@debian.org>
Date: Wed, 28 Jan 2004 23:21:08 -0200
Message-id: <[🔎] 20040129012108.GA9908@khazad-dum.debian.net>
In-reply-to: <[🔎] 20040128221622.GF25146@radix.cryptio.net>
References: <[🔎] 20040128221116.GA20964@vnl.com> <[🔎] 20040128221622.GF25146@radix.cryptio.net>

On Wed, 28 Jan 2004, Mark Ferlatte wrote:
> options {
> 	allow-recursion {
> 		mydomain;
> 	};
> };
> 
> This allows hosts in the mydomain acl to make recursive DNS queries, and blocks
> recursion for everyone else.  Recursion is what allows bind to respond to
> requests for zones it's not actually hosting.

Not really.  Bind will respond to any requests it actually KNOWS ABOUT,
including anything in its cache learned from clients for which recursion
is allowed.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

Reply to:

References:
- Hardening named.conf
  - From: Dale Amon <amon@vnl.com>
- Re: Hardening named.conf
  - From: Mark Ferlatte <ferlatte@cryptio.net>

Prev by Date: Problems chrooting Apache-ssl 1.3.26 under Debian Woody
Next by Date: Re: Hardening named.conf
Previous by thread: Re: Hardening named.conf
Next by thread: Re: Hardening named.conf
Index(es):
- Date
- Thread