weird performance BIND version 9.6

Alan Clegg alan at clegg.com
Wed Sep 25 20:23:57 UTC 2013


On Sep 25, 2013, at 3:23 PM, Brian Cuttler <brian at wadsworth.org> wrote:

> In our switch from BIND 8.3.3 to 9.8.2 we failed to add the now
> necessary statements.
> 
> recursion yes;
> allow-recursion { any; };
> allow-query     { any; };
> allow-query-cache { any; };
> 
> I realize your problem may be entirely different.

And by doing this, you made yourself (again) an open recursive resolver capable of being used as a DoS amplifier.

Please don't use "any" in these ACLs.  Set ACLs that include only the address ranges that you control.

This public service announcement brought to you by those that care about the Internet.

(but thanks for upgrading to a relatively new version of BIND)

AlanC
-- 
Alan Clegg | +1-919-355-8851 | alan at clegg.com
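
The check below is an added example, not part of the original message and not ISC code: it reads named.conf text and reports which of the statements gating recursion and cache access admit every client, run against the ACLs quoted above and against a restricted form. The function names, the "trusted" ACL and its documentation address ranges are assumptions made for the example.

```python
import re

# Statements that decide who may recurse through, or read the cache of, named.
RECURSION_ACLS = ("allow-recursion", "allow-query-cache")
OPEN_ELEMENTS = {"any", "0.0.0.0/0", "::/0"}  # elements that match every client


def _is_open(body, acls, depth=0):
    """True if an address-match list admits everyone, following named ACLs."""
    for elem in (e.strip().strip('"').lower() for e in body.split(";")):
        if elem in OPEN_ELEMENTS:
            return True
        if elem in acls and depth < 8 and _is_open(acls[elem], acls, depth + 1):
            return True
    return False


def open_recursion_findings(conf):
    """Return the recursion statements in named.conf text that admit anyone.

    Simplified reader: nested { } lists and per-view overrides are not handled.
    """
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)  # drop /* */ comments
    conf = re.sub(r"(//|#).*", "", conf)               # drop // and # comments
    if re.search(r"\brecursion\s+no\s*;", conf):       # resolver switched off
        return []
    acls = {name.lower(): body for name, body in
            re.findall(r'\bacl\s+"?([\w.-]+)"?\s*\{([^{}]*)\}', conf)}
    return [stmt for stmt in RECURSION_ACLS
            if any(_is_open(body, acls) for body in
                   re.findall(rf"(?<![\w-]){stmt}\s*\{{([^{{}}]*)\}}", conf))]


# The ACLs quoted in the message above.
QUOTED_CONF = """options {
    recursion yes;
    allow-recursion { any; };
    allow-query     { any; };
    allow-query-cache { any; };
};"""

# Constructed fix: 192.0.2.0/24 and 2001:db8::/32 are documentation ranges
# standing in for "the address ranges that you control".
RESTRICTED_CONF = """acl "trusted" { localhost; 192.0.2.0/24; 2001:db8::/32; };
options {
    recursion yes;
    allow-recursion   { "trusted"; };
    allow-query-cache { "trusted"; };
};"""
```

`open_recursion_findings(QUOTED_CONF)` reports both statements; the restricted form reports none.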
