The following reply was made to PR conf/177607; it has been noted by GNATS.
From: Maxim Konovalov <[email protected]> To: Mark Knight <[email protected]> Cc: [email protected] Subject: Re: conf/177607: named.conf comment to slave root suggests potentially dangerous BIND configuration Date: Wed, 3 Apr 2013 16:03:04 +0400 (MSK) Hello, [...] > >Description: > > The comment in the default named.conf encourages users to slave the > root but does not provide > an example configuration that prevent a name server being used as an > amplifier in DDOS attacks. > Users who adopt this configuration by uncommenting the supplied entries > are likely to receive > abuse reports or be unwitting participants in a DDOS attack. > >How-To-Repeat: > Uncomment zone "." entry and then run dig -t ns @x.x.x.x . from the > Internet. With the "listen-on { 127.0.0.1; };" at the line 22 it won't hurt anybody. If you are going to change this setting than you have more work to secure your named server. -- Maxim Konovalov _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-bugs To unsubscribe, send any mail to "[email protected]"
