Bug 2968 - Permitting recursion can allow spammers to steal name server resources
Status: CLOSED FIXED
Alias: None
Product: Sisyphus
Classification: Development
Component: bind
Version: unstable
Hardware: all Linux
Importance: P3 enhancement
Assignee: placeholder@altlinux.org
QA Contact: qa-sisyphus
URL: http://securityfocus.com/archive/1/33...
Reported: 2003-09-11 14:51 MSD by Michael Shigorin
Modified: 2005-08-30 02:34 MSD
Description Michael Shigorin 2003-09-11 14:51:50 MSD
Our stock /var/lib/bind/etc/options.conf should include a commented-out line like
this:

        allow-recursion { 127.0.0.0/8; 10.0.0.0/8; };

to help system administrators set up name servers in a non-world-recursive manner.
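
Added example, not part of the original report or of the bind package: a small audit that reports whether allow-recursion is actually in effect in an options.conf, since the line proposed above ships commented out and restricts nothing until an administrator enables it. The sample file contents, the "/zone" directory and the function names are constructed for illustration; nested ACL braces and comment markers inside quoted strings are not handled.

```python
import ipaddress
import re

# Constructed sample: stock-style options.conf with the proposed line still commented out.
STOCK = """
options {
    directory "/zone";
    // allow-recursion { 127.0.0.0/8; 10.0.0.0/8; };
};
"""

# Constructed sample: the same file after the administrator enabled the line.
RESTRICTED = STOCK.replace("// allow-recursion", "allow-recursion")

# Constructed sample: an ACL that is present but still world-open.
WORLD_OPEN = "options { allow-recursion { any; }; };"


def strip_comments(text):
    """Drop /* */, // and # comments, the three styles named.conf accepts."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)


def recursion_status(conf_text):
    """Return 'unset', 'open' or 'restricted' for the allow-recursion ACL."""
    active = strip_comments(conf_text)
    match = re.search(r"\ballow-recursion\s*\{([^{}]*)\}", active)
    if match is None:
        # No active statement: the server uses its version's built-in default.
        return "unset"
    elements = [e.strip() for e in match.group(1).split(";") if e.strip()]
    for elem in elements:
        if elem == "any":
            return "open"
        try:
            # A /0 network matches every client, same effect as "any".
            if ipaddress.ip_network(elem, strict=False).prefixlen == 0:
                return "open"
        except ValueError:
            pass  # named ACL or key: cannot be judged from this file alone
    return "restricted"


if __name__ == "__main__":
    for name, conf in (("stock", STOCK), ("enabled", RESTRICTED), ("any", WORLD_OPEN)):
        print(name, recursion_status(conf))
```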
Comment 1 Michael Shigorin 2003-09-11 15:00:03 MSD
Another candidate could be:

// max-cache-ttl 86400;
Comment 2 Michael Shigorin 2003-09-11 15:07:12 MSD
http://securityfocus.com/archive/1/336987 could be "gently pushed" in stock zone
files too, being a proper example.
Comment 3 Dmitry V. Levin 2003-09-11 16:48:48 MSD
Implemented in -9.2.3.rc1-alt2 
Comment 4 Michael Shigorin 2005-08-30 02:23:40 MSD
closing
Comment 5 Michael Shigorin 2005-08-30 02:34:47 MSD
closing