On 10.01.2006, at 09:14, lore wrote:
> At 17:49, Monday 9 January 2006, Morten Nilsen wrote:
>> lore wrote:
>>> view "external-in" in {
>>> recursion yes;
>>
>> no. no no no no. bad! bad admin! do not allow the world to recurse!
>
> ok...sorry, but without it, the commands "host www.google.it" and
> "host localhost" don't work...
it seems like localhost doesn't fall into the internal-in view.
if you get it to work with these lines (see above), check how your
view internal-in is defined.
>
>>
>> spammers and scriptkiddies love recursing dnses.
I run a dns trap, by applying a rate after the recursive dns is
blocked for the world, and there hasn't been ONE incident in five
years (since March 2001 to be exact).
the problem seems to be overestimated, since there are huge
providers still not closing their recursive dns from the outside (not
to point fingers at anybody, but the only extra large RIPE class provider
in Austria is still doing it).
matthias
ps: but in general, and for new installations, I have to support
Morten: don't open recursive for all. not b/c of the scriptkiddies
and spammers, but because of the DoS chance. You need your nameserver
badly.
_______________________________________________
tsl-discuss mailing list
http://lists.trustix.org/mailman/listinfo/tsl-discuss
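
A named.conf layout for the two views discussed in this thread, added here as an example and not taken from any poster's configuration: recursion stays off in "external-in", and "internal-in" explicitly matches the server's own addresses so that "host localhost" and "host www.google.it" run on the box itself still resolve. The ACL name "trusted", the 192.0.2.0/24 network, the example.com zone and all file names are constructed placeholders.

```conf
// Added example; ACL name, networks, zone and file names are placeholders.
acl "trusted" {
    localhost;       // built-in ACL: all addresses of the server itself
    localnets;       // built-in ACL: networks the server is directly attached to
    192.0.2.0/24;    // placeholder for further internal client networks
};

// Views are tried in order and the first matching match-clients wins,
// so the internal view must come before the catch-all external one.
view "internal-in" in {
    match-clients { "trusted"; };
    recursion yes;
    allow-recursion { "trusted"; };

    zone "." in {
        type hint;
        file "named.ca";                  // placeholder root hints file
    };
};

view "external-in" in {
    match-clients { any; };
    recursion no;                         // the world gets authoritative answers only

    zone "example.com" in {               // placeholder authoritative zone
        type master;
        file "external/example.com.zone";
    };
};
```

If queries from the server itself still land in "external-in", check that /etc/resolv.conf points at an address covered by the "trusted" ACL.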