On Wed, 16 Jul 2008, Jeremy Chadwick wrote:

> On Thu, Jul 17, 2008 at 12:20:42AM +0800, Eugene Grosbein wrote:
> > I fully understand and second efforts on educating people
> > how to configure BIND to be strong against attacks and keep them from using
> > "query-source address" with "port" option but how about
> > binding named to particular IP address when host has many of them?
>
> We do such on our authoritative nameservers.  The options we use:

Same here...

>         listen-on       { 127.0.0.1; 72.20.106.4; };
>         query-source    address 72.20.106.4;
>         transfer-source 72.20.106.4;
>         notify-source   72.20.106.4;

But just that portion. It works, and it passes the test with a std. dev of 19K or so on the port "randomness".

Charles

>         interface-interval 0;
>         use-alt-transfer-source no;
>
> --
> | Jeremy Chadwick                                jdc at parodius.com |
> | Parodius Networking                       http://www.parodius.com/ |
> | UNIX Systems Administrator                  Mountain View, CA, USA |
> | Making life hard for others since 1977.              PGP: 4BD6C0CB |

_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
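The point of the thread is that `query-source address X;` on its own is fine: BIND keeps picking a random source port per query, and only adding a numeric `port` clause pins it. The "std. dev of 19K" Charles quotes is the kind of number the port-randomness testers of the time reported. The following is an added example, not code from the thread or from BIND itself. It lints a `named.conf` `options {}` block for a `query-source` (or `query-source-v6`) statement that fixes a port, and computes the same spread statistic (distinct ports, standard deviation) over constructed `tcpdump`-style lines. The address 192.0.2.4 (RFC 5737 documentation space) stands in for the poster's real address, the capture lines are constructed, and the regexes are this example's own assumptions about the config grammar and tcpdump's output shape. Python 3.9+ for the type hints.

```python
"""Added example (not code from the thread or from BIND): (1) lint an
options{} block for a query-source statement that pins a numeric port,
which turns off BIND's per-query random source port; (2) measure the
spread of observed source ports from tcpdump-style lines.  Addresses and
capture lines are constructed for this example."""
import random
import re
import statistics

# Constructed options{} blocks.  192.0.2.4 is an RFC 5737 documentation
# address standing in for the real one in the thread.
WEAK_CONF = """
options {
    listen-on       { 127.0.0.1; 192.0.2.4; };
    query-source    address 192.0.2.4 port 53;   # pins the source port
    transfer-source 192.0.2.4;
    notify-source   192.0.2.4;
};
"""

FIXED_CONF = """
options {
    listen-on       { 127.0.0.1; 192.0.2.4; };
    query-source    address 192.0.2.4;           # address only: port stays random
    transfer-source 192.0.2.4;
    notify-source   192.0.2.4;
    interface-interval 0;
    use-alt-transfer-source no;
};
"""

# BIND 9 grammar: query-source [address (ip|*)] [port (num|*)];
_QUERY_SOURCE = re.compile(r"\bquery-source(?:-v6)?\s+([^;]*);")
_PORT_CLAUSE = re.compile(r"\bport\s+(\d+|\*)")


def pinned_query_ports(conf: str) -> list[str]:
    """Return the numeric ports fixed by query-source / query-source-v6.
    `port *` or no port clause at all leaves source-port randomisation on."""
    pinned = []
    for stmt in _QUERY_SOURCE.finditer(conf):
        port = _PORT_CLAUSE.search(stmt.group(1))
        if port and port.group(1) != "*":
            pinned.append(port.group(1))
    return pinned


# Constructed `tcpdump -n udp and dst port 53` style lines: outbound queries
# from the resolver at 192.0.2.4 to authoritative servers in 198.51.100.0/24.
def _capture(port_for):
    return "\n".join(
        f"12:00:{i:02d}.000000 IP 192.0.2.4.{port_for(i)} > 198.51.100.{i % 5 + 1}.53: "
        f"{1000 + i}+ A? example.net. (29)"
        for i in range(40)
    )


PINNED_CAPTURE = _capture(lambda i: 53)                 # what `port 53` produces
_rng = random.Random(2008)                              # fixed seed, reproducible
RANDOM_CAPTURE = _capture(lambda i: _rng.randint(1024, 65535))

_SRC_PORT = re.compile(r"\bIP6?\s+(\S+)\.(\d+)\s+>")


def source_ports(capture: str) -> list[int]:
    """Extract the UDP source port from each tcpdump line; non-matching lines are skipped."""
    return [int(m.group(2)) for m in map(_SRC_PORT.search, capture.splitlines()) if m]


def port_spread(ports: list[int]) -> dict:
    """Summarise how random the source ports look: distinct count, population
    standard deviation, and a 'pinned' flag when every query used one port."""
    distinct = len(set(ports))
    sd = statistics.pstdev(ports) if ports else 0.0
    return {"n": len(ports), "distinct": distinct, "stdev": round(sd, 1),
            "pinned": distinct == 1}


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("fixed", FIXED_CONF)):
        print(f"{name}: pinned query-source ports = {pinned_query_ports(conf) or 'none'}")
    for name, cap in (("pinned", PINNED_CAPTURE), ("random", RANDOM_CAPTURE)):
        print(f"{name}: {port_spread(source_ports(cap))}")
```

Run it and the weak block reports port 53 pinned while the fixed block reports none; the pinned capture has one distinct port and a standard deviation of 0, the randomised capture has (almost) forty distinct ports and a standard deviation in the high teens of thousands, the range a healthy resolver shows. `transfer-source` and `notify-source` accept a `port` clause too, but they only govern zone transfers and NOTIFYs, so the lint stays on `query-source`, which is the one that matters for cache poisoning.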
