It is non-obvious for authoritative BIND views

Posted Feb 12, 2008 16:03 UTC (Tue) by hmh (subscriber, #3838)
In reply to: It's not too difficult by mgb
Parent article: DNS Inventor Warns of Next Big Threat (Dark Reading)

Your example is not enough to properly configure an authoritative server (although it is good
enough for a recursion-only cache server, I think).

The proper configuration for an authoritative BIND server ends up requiring the use of views
if you also need it to be a recursive server for some clients, I think.

For the authoritative view, you need:

        additional-from-auth no;
        additional-from-cache no;

as well as the more obvious:

        recursion no;

Otherwise, you are still a problem for others (DoS amplifier at the very least).
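
Added example, not part of the comment above and not BIND's own tooling: a small Python check that reads a `named.conf` fragment and, for every view that sets `recursion no`, reports which of the three options named in the comment are not set to `no`. The sample configuration, the view names and the 192.0.2.0/24 client range are constructed for illustration.

```python
import re
# The three settings the comment lists for the authoritative view.
REQUIRED = ("recursion", "additional-from-auth", "additional-from-cache")
# Constructed sample; names and the 192.0.2.0/24 range are placeholders.
SAMPLE = '''
view "internal" {
    match-clients { 192.0.2.0/24; };
    recursion yes;
};
view "external" {
    match-clients { any; };
    recursion no;
    additional-from-auth no;   // additional-from-cache was forgotten
    zone "example.com" { type master; file "db.example.com"; };
};
'''

def views(text):
    """Yield (name, body) per view block, matching nested braces."""
    text = re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", text, flags=re.S)
    for m in re.finditer(r'\bview\s+"?([\w.-]+)"?[^{;]*\{', text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def view_options(body):
    """Collect REQUIRED 'name value;' statements at the view's top level."""
    opts, depth, stmt = {}, 0, ""
    for ch in body:
        if ch in "{}":
            depth += 1 if ch == "{" else -1
        elif depth == 0 and ch == ";":
            parts = stmt.split()
            if len(parts) == 2 and parts[0] in REQUIRED:
                opts[parts[0]] = parts[1]
            stmt = ""
        elif depth == 0:
            stmt += ch
    return opts

def audit(text):
    """Map each view that sets 'recursion no' to the REQUIRED options not set to 'no'."""
    report = {}
    for name, body in views(text):
        opts = view_options(body)
        if opts.get("recursion") == "no":
            report[name] = [k for k in REQUIRED if opts.get(k) != "no"]
    return report
```

`audit(SAMPLE)` flags the `external` view for the missing `additional-from-cache no;`, while the recursive `internal` view is left to its `match-clients` restriction.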



Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds