Hi, we are hosting a couple of domains using powerdns, filled by the LDAP backend.
Now I've come across a site that tests DNS settings and essentially for all the domains we host we get some warnings, so for example:

-------CUT--------
Took off 20 points since ns1.example.com does not respond authoritatively (can cause unexpected responses and add delays).
Took off 10 points since ns1.example.com is an open DNS server (if abused, your DNS may be inaccessible, and over usage could result in slowdowns).
-------CUT--------

The first warning is about the notorious "authoritative" problem; dig clearly shows that the AA bit has been set, so that's probably a false positive.

Yet the second warning frightens me a bit. This obviously means that everybody can query our name server for any other domain. So far this did not really scare me, but after googling around this seems to be a risk.

Now I have 2 questions:

#1 is this really a "risk" except for potentially burdening our name servers with queries from external clients?

#2 and if it is a risk, how would I limit the recursion so that only our own domains are recursed? recursor.conf knows the auth-zone directive, yet I can hardly use it with the LDAP backend.

Or maybe I am missing something basic here?

TIA

Udo Rader

--
bestsolution.at EDV Systemhaus GmbH
http://www.bestsolution.at
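Added example, not part of the original post: a Python sketch that decodes the two DNS header bits the message is about, AA (authoritative answer) for a hosted name and RA (recursion available) plus an answer for a name outside the hosted zones. All function names and the sample headers are constructed for illustration.

```python
import socket
import struct

# DNS header flag masks (RFC 1035, section 4.1.1)
QR, AA, RD, RA, RCODE = 0x8000, 0x0400, 0x0100, 0x0080, 0x000F

def build_query(name, qtype=1, txid=0x1234):
    """Encode a query for `name` (type A by default) with RD set."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def parse_header(msg):
    """Decode the fixed 12-byte DNS header of a message."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    _txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"qr": bool(flags & QR), "aa": bool(flags & AA), "rd": bool(flags & RD),
            "ra": bool(flags & RA), "rcode": flags & RCODE, "ancount": an}

def classify(msg, hosted):
    """hosted=True: name is in a zone we serve. hosted=False: an existing
    name in someone else's zone, which only recursion could answer."""
    h = parse_header(msg)
    if not h["qr"]:
        raise ValueError("not a response")
    if hosted:
        return "authoritative" if h["aa"] else "not authoritative"
    if h["ra"] and h["rcode"] == 0 and h["ancount"] > 0:
        return "open recursion"
    return "recursion not offered"

def ask(server, name, timeout=3.0):
    """Send one UDP query to a name server and return the raw response."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return s.recvfrom(4096)[0]

# Constructed sample headers (header only, no record data), not captured traffic.
SAMPLE_HOSTED = struct.pack("!HHHHHH", 0x1234, 0x8500, 1, 1, 0, 0)   # QR+AA+RD
SAMPLE_OPEN = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)     # QR+RD+RA
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0)  # rcode 5 (REFUSED)

if __name__ == "__main__":
    print(classify(SAMPLE_HOSTED, True), classify(SAMPLE_OPEN, False),
          classify(SAMPLE_REFUSED, False), sep="\n")
```

To check a name server you operate, pass `ask(server, name)` to `classify()` once with a hosted name and once, from an outside network, with an existing name in a zone you do not serve.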
