Hi, another list member has explained to me that allow-recursion is a comma-separated parameter. I just edited that line and now I have a pretty secure resolver. I'm sending this email so other members (newbies, maybe) don't make the same mistake. Thanks to all for this great piece of software.
On Fri, Apr 19, 2013 at 9:27 AM, Miguel Miranda <[email protected]> wrote:
> Hello guys, I have two identical servers; the only difference between
> both is their IP address. For some strange reason, when I test my auth
> domains in www.intodns.com it tells me one of them allows anonymous
> recursive queries. I have double-checked the config and nothing is wrong. I
> have pdns-recursor running on localhost and an access list configured in
> pdns. This is the pdns.conf file:
>
> setuid=pdns
> setgid=pdns
> allow-recursion=127.0.0.0/8 \
> a.b.c.d \
> e.f.g.h \
> j.k.l.m
> cache-ttl=300
> daemon=yes
> disable-tcp=yes
> distributor-threads=25
> guardian=yes
> launch=gmysql
> gmysql-host=127.0.0.1
> gmysql-dbname=powerdns
> gmysql-user=pdns
> gmysql-password=J4s0n2013
> lazy-recursion=yes
> local-address=200.12.232.4
> local-port=53
> log-dns-details=no
> log-dns-queries=no
> log-failed-updates=no
> max-cache-entries=2000000
> negquery-cache-ttl=0
> query-cache-ttl=300
> query-logging=no
> receiver-threads=25
> recursive-cache-ttl=300
> recursor=127.0.0.1
> webserver=yes
> webserver-address=w.x.y.z
>
>
> And this is the recursor.conf file:
>
> setuid=pdns-recursor
> setgid=pdns-recursor
> daemon=yes
> dont-query=127.0.0.0/8
> local-address=127.0.0.1
> local-port=53
> log-common-errors=no
> max-cache-entries=2000000
> max-negative-ttl=0
> max-packetcache-entries=2000000
> packetcache-servfail-ttl=0
> quiet=yes
> threads=15
>
>
> Please give me some advice so I don't get blacklisted for having a
> vulnerable DNS recursor.
> Regards
>
_______________________________________________ Pdns-users mailing list [email protected] http://mailman.powerdns.com/mailman/listinfo/pdns-users
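
A lint check for the mistake discussed in this thread, as an added example that is not part of the original messages or of PowerDNS itself: it flags an allow-recursion value that is continued with backslashes or is not a single comma-separated list of addresses and netmasks. The function name and the sample addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress

# Constructed samples; addresses are documentation ranges, not from the thread.
BROKEN = """\
setuid=pdns
allow-recursion=127.0.0.0/8 \\
192.0.2.10 \\
198.51.100.7
cache-ttl=300
"""
FIXED = """\
setuid=pdns
allow-recursion=127.0.0.0/8,192.0.2.10,198.51.100.7
cache-ttl=300
"""

def lint_allow_recursion(conf_text):
    """Return (line_number, message) findings for the allow-recursion setting."""
    findings = []
    continued = False  # previous line was part of allow-recursion and ended in '\'
    for no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if continued:
            findings.append((no, f"stray continuation line {line!r}"))
            continued = line.endswith("\\")
            continue
        if line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key != "allow-recursion":
            continue
        if value.endswith("\\"):
            findings.append((no, "backslash continuation; use one comma-separated line"))
            continued = True
            value = value.rstrip("\\").strip()
        for entry in (e.strip() for e in value.split(",")):
            try:
                net = ipaddress.ip_network(entry, strict=False)
            except ValueError:
                findings.append((no, f"{entry!r} is not an address or netmask"))
                continue
            if net.prefixlen == 0:
                findings.append((no, f"{entry!r} allows recursion for every client"))
    return findings

if __name__ == "__main__":
    for name, text in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(name, lint_allow_recursion(text) or "ok")
```

Running a check like this against both servers' pdns.conf before an external test such as intodns.com catches the difference locally.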
