From d0fda061350943f2c64a67185ecec236d99e8023 Mon Sep 17 00:00:00 2001 From: Tomas Hozza Date: May 03 2013 10:50:12 +0000 Subject: Include recursion Warning in named.conf and named.conf.sample (#740894) Signed-off-by: Tomas Hozza --- diff --git a/.gitignore b/.gitignore index 47255df..eee9d8a 100644 --- a/.gitignore +++ b/.gitignore @@ -31,3 +31,4 @@ bind-9.7.2b1.tar.gz /config-10.tar.bz2 /bind-9.9.2-P2.tar.gz /bind-9.9.3rc1.tar.gz +/config-11.tar.bz2 diff --git a/bind.spec b/bind.spec index 67d796c..69299b3 100644 --- a/bind.spec +++ b/bind.spec @@ -26,7 +26,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv Name: bind License: ISC Version: 9.9.3 -Release: 0.4.%{PREVER}%{?dist} +Release: 0.5.%{PREVER}%{?dist} Epoch: 32 Url: http://www.isc.org/products/BIND/ Buildroot:%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -781,6 +781,9 @@ rm -rf ${RPM_BUILD_ROOT} %endif %changelog +* Fri May 03 2013 Tomas Hozza 32:9.9.3-0.5.rc1 +- Include recursion Warning in named.conf and named.conf.sample (#740894) + * Thu May 02 2013 Tomas Hozza 32:9.9.3-0.4.rc1 - Fix zone2sqlite to quote table names when creating/dropping/inserting (#919417) diff --git a/named.conf.sample b/named.conf.sample index a071f38..27bced7 100644 --- a/named.conf.sample +++ b/named.conf.sample 
@@ -46,7 +46,17 @@ options allow-query { localhost; }; allow-query-cache { localhost; }; - // Enable/disable recursion - recursion yes/no; + /* Enable/disable recursion - recursion yes/no; + + - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion. + - If you are building a RECURSIVE (caching) DNS server, you need to enable + recursion. + - If your recursive DNS server has a public IP address, you MUST enable access + control to limit queries to your legitimate users. Failing to do so will + cause your server to become part of large scale DNS amplification + attacks. Implementing BCP38 within your network would greatly + reduce such attack surface + */ recursion yes; /* DNSSEC related options. See information about keys ("Trusted keys", bellow) */ diff --git a/sources b/sources index 5d34cc6..476a071 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ f26d0098e96214256cfa2b1b745a8011 bind-9.9.3rc1.tar.gz -cb4a8ddb193f69b5643a6ae918596fc9 config-10.tar.bz2 +d64062a182bf71dbcae7b2e2fe2cd55b config-11.tar.bz2
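Review bot: The new comment in the named.conf.sample options block says access control MUST be enabled on a public recursive server, but it never names the statement that does it, so an admin copying the sample has nothing concrete to act on. I would add a bullet before the BCP38 sentence along the lines of `- Limit recursion to your own clients with allow-recursion { <trusted-acl>; }; and keep allow-query-cache equally narrow.` The BCP38 sentence also reads as if ingress filtering protected this resolver; it stops spoofed-source packets from leaving your own network, so it complements the ACL rather than replacing it, and the wording should say so. The sample's `recursion yes;` is safe only while the `allow-query { localhost; };` and `allow-query-cache { localhost; };` lines above it stay as they are, which is worth stating in the comment. The options block continues outside the hunk.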