Re: 9.7.0a2 - deny-answer-addresses

2009-08-25 Thread clemens fischer
JINMEI Tatuya wrote:
> How about the patch copied below? With this it would fail like this:
>
> 24-Aug-2009 16:46:41.334
> /Users/jinmei/src/isc/bind9-current/bin/named/named.conf:22: failed to
> add dnsbl-1.uceprotect.net for deny-answer-addresses: already exists
> 24-Aug-2009 16:46:41.334 load

Re: 9.7.0a2 - deny-answer-addresses

2009-08-21 Thread clemens fischer
Jeremy C. Reed wrote:
> Thank you very much for testing the alpha release.

My pleasure! I had a workaround resulting in dns-rebind protection in my pdnsd[1] resolver, but pdnsd doesn't support dnssec and a few other features.

[1] http://www.phys.uu.nl/~rombouts/pdnsd.html

>> deny-answer-addr

9.7.0a2 - deny-answer-addresses

2009-08-21 Thread clemens fischer
'uname -rms'
Linux 2.6.30.4-spott-gecd13d4 i686

'/l/sbin/named -V'
BIND 9.7.0a2 built with '--prefix=/opt/bind/9.7.0a2' '--with-openssl=yes' '--disable-linux-caps' '--sysconfdir=/usr/local/etc' '--localstatedir=/var' 'CFLAGS=-O'

I want to disallow rebinding-attacks in a caching resolver. In the