[Fedora] Re: bind lame servers

Jason L Tibbitts III tibbs at math.uh.edu
Fri May 25 05:37:38 UTC 2007


>>>>> "AMK" == Ashley M Kirchner <ashley at pcraft.com> writes:

AMK> Hrm, not sure what you're referring to ... yet.

Essentially, you want machines on your network to be able to point to
your DNS server(s) in /etc/resolv.conf so that they ask those servers
to do all lookups for them.  But you don't want hosts outside of your
network to do the same thing; it's like providing free work for
everyone on the Internet and can cause other problems (like opening
you to DNS cache poisoning attacks) and of course violates the
principle of exposing as little as possible to the global network.

BTW, the simpler thing to do is to use "allow-recursion" in the
options section of named.conf to list out the netblocks which can
perform recursive queries.

 - J<
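
An added example, not part of the original message: a named.conf fragment showing an open resolver setting next to the "allow-recursion" restriction described above. The ACL name "trusted" and the netblocks (documentation ranges) are placeholders to replace with your own networks.

```conf
// Constructed example; the ACL name and netblocks are placeholders.

// BEFORE (weak): any host on the Internet may use this server as a
// recursive resolver. Shown commented out, because named.conf may
// contain only one options block.
//
// options {
//     recursion yes;
//     allow-recursion { any; };
// };

// AFTER: recursion is limited to the listed netblocks.
acl "trusted" {
    localhost;        // built-in ACL: this machine's own addresses
    localnets;        // built-in ACL: networks directly attached to it
    192.0.2.0/24;     // placeholder: internal IPv4 netblock
    2001:db8::/32;    // placeholder: internal IPv6 netblock
};

options {
    recursion yes;

    // Only clients matching "trusted" may ask for recursive lookups.
    allow-recursion { trusted; };

    // On BIND versions that support it, also limit who may read
    // answers already held in the cache.
    allow-query-cache { trusted; };
};
```

Run named-checkconf on the file before reloading named, then confirm from a host outside the listed netblocks that a recursive query for a name the server is not authoritative for is no longer resolved.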



