#2968 – Permitting recursion can allow spammers to steal name server resources

Bug 2968 - Permitting recursion can allow spammers to steal name server resources

Summary: Permitting recursion can allow spammers to steal name server resources

Status:	CLOSED FIXED

Alias:	None

Product:	Sisyphus
Classification:	Development
Component:	bind (show other bugs)
Version:	unstable
Hardware:	all Linux

Importance:	P3 enhancement
Assignee:	placeholder@altlinux.org
QA Contact:	qa-sisyphus

URL:	http://securityfocus.com/archive/1/33...
Keywords:

Depends on:
Blocks:

Reported:	2003-09-11 14:51 MSD by Michael Shigorin
Modified:	2005-08-30 02:34 MSD (History)
CC List:	6 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michael Shigorin 2003-09-11 14:51:50 MSD

our stock /var/lib/bind/etc/options.conf should include commented-out line like
this:

        allow-recursion { 127.0.0.0/8; 10.0.0.0/8; };

to help system administrators set up name servers in non-world-recursive manner.

Comment 1 Michael Shigorin 2003-09-11 15:00:03 MSD

another candidate could be:

// max-cache-ttl 86400;

Comment 2 Michael Shigorin 2003-09-11 15:07:12 MSD

http://securityfocus.com/archive/1/336987 could be "gently pushed" in stock zone
files too, being proper example.

Comment 3 Dmitry V. Levin 2003-09-11 16:48:48 MSD

Implemented in -9.2.3.rc1-alt2

Comment 4 Michael Shigorin 2005-08-30 02:23:40 MSD

closing

Comment 5 Michael Shigorin 2005-08-30 02:34:47 MSD

closing