SPAMMER/SECURITY: Can we block unconfigured zones in bind 8?

Martin McCormick martin at dc.cis.okstate.edu
Fri May 18 20:28:33 UTC 2001


	We use a traditional dns structure with a master and
slave providing dns for everybody on campus as well as the rest
of the Internet.  My copy of DNS and BIND is the Third Edition, so
it stops with BIND 8, so I am wondering if I can do anything
differently in bind9's named.conf to allow clients on our network to get
recursive answers while making it more difficult for outsiders to
do the same?

	I don't much care for the idea of going to a split dns
for our type of operation because it would complicate things and
I am a firm believer in the KISS principle when it comes to
technology.

	I suspected that turning off recursion on our master and
slave dns's would absolutely kill _EVERYTHING_ around here but I
tried it on a test system and test client whose resolv.conf only
pointed to the test dns.  Of course, anything not okstate.edu became
unreachable.  Does this mean that the recursion factor is just
something that single-source dns's must live with?

Martin McCormick WB5AGZ  Stillwater, OK 
OSU Center for Computing and Information Services Data Communications Group

