On Sep 25, 2013, at 3:23 PM, Brian Cuttler <br...@wadsworth.org> wrote:

> In our switch from BIND 8.3.3 to 9.8.2 we failed to add the now
> necessary statements.
> 
> recursion yes;
> allow-recursion { any; };
> allow-query     { any; };
> allow-query-cache { any; };
> 
> I realize your problem may be entirely different.

And by doing this, you made yourself (again) an open recursive resolver capable 
of being used as a DoS amplifier.

Please don't use "any" in these ACLs.  Set ACLs that include only the address 
ranges that you control.

This public service announcement brought to you by those that care about the 
Internet.

(but thanks for upgrading to a relatively new version of BIND)

AlanC
-- 
Alan Clegg | +1-919-355-8851 | a...@clegg.com


_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
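
A way to audit a named.conf for the condition described in the reply above, as an added example that is not part of the original message or of BIND itself. The function names, the `trusted` ACL name and the documentation address ranges are assumptions made for illustration; the first sample reuses the four statements quoted in the thread.

```python
import re

# Statements that gate recursive and cached answers; allow-query is not
# flagged because it also governs authoritative answers.
RECURSIVE_ACLS = ("allow-recursion", "allow-query-cache")

def _elements(body):
    """Split an address match list body into bare element names."""
    return [e.strip('"') for e in body.replace(";", " ").split()]

def named_acls(text):
    """Map each `acl name { ... };` definition to its elements."""
    pat = r'\bacl\s+"?([\w.-]+)"?\s*\{([^{}]*)\}'
    return {m.group(1): _elements(m.group(2)) for m in re.finditer(pat, text)}

def is_open(elements, acls, seen=()):
    """True if the list admits `any`, directly or through a named acl."""
    return any(el == "any" or (el in acls and el not in seen
                               and is_open(acls[el], acls, seen + (el,)))
               for el in elements)

def open_recursion_findings(conf):
    """Return the recursive-service statements that admit every client."""
    text = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)   # C-style comments
    text = re.sub(r"(//|#)[^\n]*", "", text)             # line comments
    if re.search(r"\brecursion\s+no\s*;", text):
        return []  # recursion is off, so there is no recursive service
    acls = named_acls(text)
    return [stmt for stmt in RECURSIVE_ACLS
            for m in re.finditer(r"\b%s\s*\{([^{}]*)\}" % re.escape(stmt), text)
            if is_open(_elements(m.group(1)), acls)]

# The four statements quoted in the thread, wrapped in an options block.
THREAD_CONF = """options {
    recursion yes;
    allow-recursion { any; };
    allow-query     { any; };
    allow-query-cache { any; };
};"""

# Constructed: 192.0.2.0/24 and 2001:db8::/32 are documentation ranges
# standing in for the address ranges you control.
RESTRICTED_CONF = """acl "trusted" { 192.0.2.0/24; 2001:db8::/32; localhost; };
options {
    recursion yes;
    allow-recursion { trusted; };
    allow-query-cache { trusted; };
};"""
```

The check handles flat match lists only; nested `{ ... }` lists and `include` files would need a real parser.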