Bug 2968

Summary: Permitting recursion can allow spammers to steal name server resources
Product: Sisyphus Reporter: Michael Shigorin <mike>
Component: bindAssignee: placeholder <placeholder>
Status: CLOSED FIXED QA Contact: qa-sisyphus
Severity: enhancement    
Priority: P3 CC: george, glebfm, ldv, placeholder, sem, slev, vt
Version: unstable   
Hardware: all   
OS: Linux   
URL: http://securityfocus.com/archive/1/336958

Description Michael Shigorin 2003-09-11 14:51:50 MSD 
our stock /var/lib/bind/etc/options.conf should include commented-out line like
this:

        allow-recursion { 127.0.0.0/8; 10.0.0.0/8; };

to help system administrators set up name servers in non-world-recursive manner.
Comment 1 Michael Shigorin 2003-09-11 15:00:03 MSD 
another candidate could be:

// max-cache-ttl 86400;
Comment 2 Michael Shigorin 2003-09-11 15:07:12 MSD 
http://securityfocus.com/archive/1/336987 could be "gently pushed" in stock zone
files too, being proper example.
Comment 3 Dmitry V. Levin 2003-09-11 16:48:48 MSD 
Implemented in -9.2.3.rc1-alt2
Comment 4 Michael Shigorin 2005-08-30 02:23:40 MSD 
closing
Comment 5 Michael Shigorin 2005-08-30 02:34:47 MSD 
closing