[bind/f19] Include recursion Warning in named.conf and named.conf.sample (#740894)
Tomas Hozza
thozza at fedoraproject.org
Mon May 13 11:11:35 UTC 2013
commit d0fda061350943f2c64a67185ecec236d99e8023
Author: Tomas Hozza <thozza at redhat.com>
Date: Fri May 3 12:50:12 2013 +0200
Include recursion Warning in named.conf and named.conf.sample (#740894)
Signed-off-by: Tomas Hozza <thozza at redhat.com>
.gitignore | 1 +
bind.spec | 5 ++++-
named.conf.sample | 12 +++++++++++-
sources | 2 +-
4 files changed, 17 insertions(+), 3 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 47255df..eee9d8a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -31,3 +31,4 @@ bind-9.7.2b1.tar.gz
/config-10.tar.bz2
/bind-9.9.2-P2.tar.gz
/bind-9.9.3rc1.tar.gz
+/config-11.tar.bz2
diff --git a/bind.spec b/bind.spec
index 67d796c..69299b3 100644
--- a/bind.spec
+++ b/bind.spec
@@ -26,7 +26,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
Name: bind
License: ISC
Version: 9.9.3
-Release: 0.4.%{PREVER}%{?dist}
+Release: 0.5.%{PREVER}%{?dist}
Epoch: 32
Url: http://www.isc.org/products/BIND/
Buildroot:%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -781,6 +781,9 @@ rm -rf ${RPM_BUILD_ROOT}
%endif
%changelog
+* Fri May 03 2013 Tomas Hozza <thozza at redhat.com> 32:9.9.3-0.5.rc1
+- Include recursion Warning in named.conf and named.conf.sample (#740894)
+
* Thu May 02 2013 Tomas Hozza <thozza at redhat.com> 32:9.9.3-0.4.rc1
- Fix zone2sqlite to quote table names when creating/dropping/inserting (#919417)
diff --git a/named.conf.sample b/named.conf.sample
index a071f38..27bced7 100644
--- a/named.conf.sample
+++ b/named.conf.sample
@@ -46,7 +46,17 @@ options
allow-query { localhost; };
allow-query-cache { localhost; };
- // Enable/disable recursion - recursion yes/no;
+ /* Enable/disable recursion - recursion yes/no;
+
+ - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
+ - If you are building a RECURSIVE (caching) DNS server, you need to enable
+ recursion.
+ - If your recursive DNS server has a public IP address, you MUST enable access
+ control to limit queries to your legitimate users. Failing to do so will
+ cause your server to become part of large scale DNS amplification
+ attacks. Implementing BCP38 within your network would greatly
+ reduce such attack surface
+ */
recursion yes;
/* DNSSEC related options. See information about keys ("Trusted keys", bellow) */
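Review bot: The new comment above `recursion yes;` says access control MUST be enabled on a publicly reachable recursive server, but it does not name the options that provide it, so an administrator adapting the sample has to guess. The visible context limits `allow-query` and `allow-query-cache` to localhost; no `allow-recursion` statement appears in this hunk, though the options block continues outside it and one may exist there. I would close the comment with a line such as `Restrict recursion with allow-recursion { <trusted-networks>; }; and keep allow-query-cache consistent with it.` so the warning points at the setting to change when localhost is widened. The final sentence of the comment is also missing its full stop after "reduce such attack surface".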
diff --git a/sources b/sources
index 5d34cc6..476a071 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
f26d0098e96214256cfa2b1b745a8011 bind-9.9.3rc1.tar.gz
-cb4a8ddb193f69b5643a6ae918596fc9 config-10.tar.bz2
+d64062a182bf71dbcae7b2e2fe2cd55b config-11.tar.bz2