Bug 2968 - Permitting recursion can allow spammers to steal name server resources
Status: CLOSED FIXED
Product: Sisyphus
Component: bind
Version: unstable
Platform: all Linux
Importance: P3 enhancement
URL: http://securityfocus.com/archive/1/33...
Reported: 2003-09-11 14:51 by
Modified: 2005-08-30 02:34



Description From 2003-09-11 14:51:50
Our stock /var/lib/bind/etc/options.conf should include a commented-out line like
this:

        allow-recursion { 127.0.0.0/8; 10.0.0.0/8; };

to help system administrators set up name servers in a non-world-recursive manner.
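
An added example, not part of the original bug report or of the bind package: a small audit that reads the text of an options file and reports whether recursion is restricted. The function names and sample configurations are constructed for illustration, and a missing `allow-recursion` statement is treated as world-open, which is the situation this bug describes for the stock configuration.

```python
import re

# Constructed sample configs (not the ALT Linux package's own files).
STOCK = """options {
    directory "/var/lib/bind";
    // allow-recursion { 127.0.0.0/8; 10.0.0.0/8; };
};"""
HARDENED = STOCK.replace("// allow-recursion", "allow-recursion")
WORLD = """options { allow-recursion { any; }; /* open */ };"""
AUTH_ONLY = """options { recursion no; # authoritative only
};"""

OPEN_MATCHES = {"any", "0.0.0.0/0", "::/0"}

def strip_comments(text):
    """Drop /* */, // and # comments (markers inside quoted strings are not handled)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def audit_recursion(conf_text):
    """Return (verdict, detail); verdict is 'ok', 'open' or 'review'."""
    conf = strip_comments(conf_text)
    if re.search(r"(?<![-\w])recursion\s+no\s*;", conf):
        return ("ok", "recursion disabled")
    m = re.search(r"\ballow-recursion\s*\{([^{}]*)\}", conf)
    if m is None and "allow-recursion" in conf:
        return ("review", "nested address list, inspect manually")
    if m is None:
        # A commented-out line counts as absent: the restriction is not active.
        return ("open", "no active allow-recursion statement")
    elements = [e.strip() for e in m.group(1).split(";") if e.strip()]
    wide = [e for e in elements if e in OPEN_MATCHES]
    if wide:
        return ("open", "matches every client: " + ", ".join(wide))
    return ("ok", "recursion limited to: " + ", ".join(elements))

if __name__ == "__main__":
    for name, conf in [("stock", STOCK), ("hardened", HARDENED),
                       ("world", WORLD), ("auth-only", AUTH_ONLY)]:
        print(name, audit_recursion(conf))
```

Named ACLs referenced inside the list are reported by name only; the audit does not resolve them to address ranges.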
------- Comment #1 From 2003-09-11 15:00:03 -------
Another candidate could be:

// max-cache-ttl 86400;
------- Comment #2 From 2003-09-11 15:07:12 -------
http://securityfocus.com/archive/1/336987 could be "gently pushed" in stock zone
files too, being a proper example.
------- Comment #3 From 2003-09-11 16:48:48 -------
Implemented in -9.2.3.rc1-alt2 
------- Comment #4 From 2005-08-30 02:23:40 -------
closing
------- Comment #5 From 2005-08-30 02:34:47 -------
closing