[nycbug-talk] dns abuse
Max Gribov
max at neuropunks.org
Mon Jan 19 16:14:25 EST 2009
Miles Nordin wrote:
> but the usual fix is to limit recursive service to your own IPs:
> options {
> /* fucking chinese pointing themselves at me */
> allow-recursion { fw; };
>
Hmm, that's what I had there before, since the jails use the master for
their DNS server, so recursion was allowed to their IPs.
But trying to dig @finn.neuropunks.org . ns from any IP on the net still
returned the . zone, while no recursive queries would work.
My RFC foo fails me, so I don't know which behavior is proper.
> };
> acl localhost6 { ::1/128; };
> acl fw { 192.168.0.0/16; 69.31.131.32/27; 2610:1f8:dc::/48; localhost; localhost6; };
>
> you can still serve your local authoritative zones to the internet
> even though you refuse recursive service to the internet. The root
> servers themselves are configured this way.
>
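An added example, not part of the original message: a minimal Python check for the behaviour described above, where recursion is refused but `. NS` is still answered. It sends the same question as `dig . ns` with the RD bit clear and reports whether the server refused or handed back root data; the function names and the sample replies are constructed for illustration.

```python
import socket
import struct

RCODE_REFUSED = 5
QUESTION = b"\x00" + struct.pack("!HH", 2, 1)  # name ".", type NS, class IN

def build_query(qid=0x1234):
    """Build a '. IN NS' query with RD=0 (no recursion requested)."""
    return struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, 0) + QUESTION

def classify(response):
    """Classify a reply to the root-NS probe using only its 12-byte header."""
    if len(response) < 12:
        return "malformed"
    _qid, flags, _qd, an, ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if not flags & 0x8000:          # QR bit clear: this is not a response
        return "malformed"
    rcode = flags & 0x000F
    if rcode == RCODE_REFUSED:
        return "refused"
    if rcode == 0 and (an or ns):   # root NS set in answer or authority section
        return "root-data-returned"
    return "other"

def probe(server, timeout=3.0):
    """Send the probe over UDP to a server you operate and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(), (server, 53))
        try:
            return classify(s.recvfrom(4096)[0])
        except socket.timeout:
            return "no-reply"

# Constructed sample replies (not captured traffic).
_NS_RR = (b"\x00" + struct.pack("!HHIH", 2, 1, 518400, 20)
          + b"\x01a\x0croot-servers\x03net\x00")
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8005, 1, 0, 0, 0) + QUESTION
SAMPLE_ROOT_NS = (struct.pack("!HHHHHH", 0x1234, 0x8000, 1, 1, 0, 0)
                  + QUESTION + _NS_RR)

if __name__ == "__main__":
    for name, pkt in (("refused", SAMPLE_REFUSED), ("root-ns", SAMPLE_ROOT_NS)):
        print(name, "->", classify(pkt))
```

Run `probe()` from an address outside the `allow-recursion` ACL to see what external clients receive.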