On Wed, 28 Nov 2012, webmaster wrote: > When I got the bx box figured it should be the same?
Not necessarily. Some of the BIND features have changed over time. Notably, older BIND before 4.<something> would provide a root-server listing answer to queries for which the server wasn't authoritative in attempt to be helpful. Later ones provide a 'refused' if recursion is not allowed to the host making the query. There's some BIND patches being proposed that may mitigate (but not eliminate) some of the DoS attacks. AFAIK, the patches aren't yet in 'production' releases yet. Due to the way RedHat/CENTOS does version updates, some changes may be incorporated into the repository updates although the BIND version number itself appears older. > I have read where this is bad but every time I would un-check it my > world blew up so I checked it to make the issues go away If you check it, *and* enter the IPs/networks you specifically want to allow to do recursion, you should be ok. Not specifying can default to 'any', which is Bad. > It's is now Unchecked and everything hasn't blown up like before. Times have changed. Attacks are increasingly common, and vulnerable servers as searched for and exploited by bots. =^_^= Tigerwolf _______________________________________________ Blueonyx mailing list [email protected] http://mail.blueonyx.it/mailman/listinfo/blueonyx
