The following reply was made to PR conf/177607; it has been noted by GNATS.
From: Mark Knight <ma...@knigma.org> To: Maxim Konovalov <maxim.konova...@gmail.com> Cc: bug-follo...@freebsd.org Subject: Re: conf/177607: named.conf comment to slave root suggests potentially dangerous BIND configuration Date: Wed, 03 Apr 2013 15:51:35 +0100 Thanks for fixing up the Repy-To. I stupidly uncommented these lines on a box *assuming* it was safe. Once upon a time responding to root DNS queries wouldn't have been considered a bad thing. However today I received an abuse@ report to thank me for my error. The comment above the stanza doesn't mention the amplifier threat (although it does mention general caution) and appears to offer a good suggestion for improving resilience and reducing net traffic that's "ready to run". Clearly it isn't. My rationale was that it's a quick and easy fix and given the recent attacks it was worth giving this a high priority in the name of pro-active security. It's a potential security issue and is therefore serious. Apologies if I've exaggerated the threat. _______________________________________________ freebsd-bugs@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-bugs To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"
