[bind/f19] Include recursion Warning in named.conf and named.conf.sample (#740894)

Tomas Hozza thozza at fedoraproject.org
Mon May 13 11:11:35 UTC 2013


commit d0fda061350943f2c64a67185ecec236d99e8023
Author: Tomas Hozza <thozza at redhat.com>
Date:   Fri May 3 12:50:12 2013 +0200

    Include recursion Warning in named.conf and named.conf.sample (#740894)
    
    Signed-off-by: Tomas Hozza <thozza at redhat.com>

 .gitignore        |    1 +
 bind.spec         |    5 ++++-
 named.conf.sample |   12 +++++++++++-
 sources           |    2 +-
 4 files changed, 17 insertions(+), 3 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 47255df..eee9d8a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -31,3 +31,4 @@ bind-9.7.2b1.tar.gz
 /config-10.tar.bz2
 /bind-9.9.2-P2.tar.gz
 /bind-9.9.3rc1.tar.gz
+/config-11.tar.bz2
diff --git a/bind.spec b/bind.spec
index 67d796c..69299b3 100644
--- a/bind.spec
+++ b/bind.spec
@@ -26,7 +26,7 @@ Summary:  The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
 Name:     bind
 License:  ISC
 Version:  9.9.3
-Release:  0.4.%{PREVER}%{?dist}
+Release:  0.5.%{PREVER}%{?dist}
 Epoch:    32
 Url:      http://www.isc.org/products/BIND/
 Buildroot:%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -781,6 +781,9 @@ rm -rf ${RPM_BUILD_ROOT}
 %endif
 
 %changelog
+* Fri May 03 2013 Tomas Hozza <thozza at redhat.com> 32:9.9.3-0.5.rc1
+- Include recursion Warning in named.conf and named.conf.sample (#740894)
+
 * Thu May 02 2013 Tomas Hozza <thozza at redhat.com> 32:9.9.3-0.4.rc1
 - Fix zone2sqlite to quote table names when creating/dropping/inserting (#919417)
 
diff --git a/named.conf.sample b/named.conf.sample
index a071f38..27bced7 100644
--- a/named.conf.sample
+++ b/named.conf.sample
@@ -46,7 +46,17 @@ options
 	allow-query		{ localhost; };
 	allow-query-cache	{ localhost; };
 
-	// Enable/disable recursion - recursion yes/no;
+	/* Enable/disable recursion - recursion yes/no;
+
+	 - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
+	 - If you are building a RECURSIVE (caching) DNS server, you need to enable 
+	   recursion. 
+	 - If your recursive DNS server has a public IP address, you MUST enable access 
+	   control to limit queries to your legitimate users. Failing to do so will
+	   cause your server to become part of large scale DNS amplification 
+	   attacks. Implementing BCP38 within your network would greatly
+	   reduce such attack surface 
+	 */
 	recursion yes;
 
 	/* DNSSEC related options. See information about keys ("Trusted keys", bellow) */
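Review bot: The added warning above `recursion yes;` says access control MUST be enabled on a publicly addressed resolver, but it never names the statement that provides it. An administrator who later widens `allow-query` beyond `localhost` gets no hint of what to restrict. I would add one bullet to the comment, for example `- Limit recursive clients with allow-recursion { trusted-nets; }; and keep allow-query-cache equally narrow.`, where `trusted-nets` is a placeholder ACL name. The `options` block starts and ends outside this hunk, so an `allow-recursion` line may already exist elsewhere in the sample; if it does, the comment should simply point to it. Several of the added comment lines also end in trailing whitespace, which is worth stripping.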
diff --git a/sources b/sources
index 5d34cc6..476a071 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
 f26d0098e96214256cfa2b1b745a8011  bind-9.9.3rc1.tar.gz
-cb4a8ddb193f69b5643a6ae918596fc9  config-10.tar.bz2
+d64062a182bf71dbcae7b2e2fe2cd55b  config-11.tar.bz2

