summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--.gitignore1
-rw-r--r--bind.spec5
-rw-r--r--named.conf.sample12
-rw-r--r--sources2
4 files changed, 17 insertions, 3 deletions
diff --git a/.gitignore b/.gitignore
index 47255df..eee9d8a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -31,3 +31,4 @@ bind-9.7.2b1.tar.gz
/config-10.tar.bz2
/bind-9.9.2-P2.tar.gz
/bind-9.9.3rc1.tar.gz
+/config-11.tar.bz2
diff --git a/bind.spec b/bind.spec
index 67d796c..69299b3 100644
--- a/bind.spec
+++ b/bind.spec
@@ -26,7 +26,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
Name: bind
License: ISC
Version: 9.9.3
-Release: 0.4.%{PREVER}%{?dist}
+Release: 0.5.%{PREVER}%{?dist}
Epoch: 32
Url: http://www.isc.org/products/BIND/
Buildroot:%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -781,6 +781,9 @@ rm -rf ${RPM_BUILD_ROOT}
%endif
%changelog
+* Fri May 03 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.3-0.5.rc1
+- Include recursion Warning in named.conf and named.conf.sample (#740894)
+
* Thu May 02 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.3-0.4.rc1
- Fix zone2sqlite to quote table names when creating/dropping/inserting (#919417)
diff --git a/named.conf.sample b/named.conf.sample
index a071f38..27bced7 100644
--- a/named.conf.sample
+++ b/named.conf.sample
@@ -46,7 +46,17 @@ options
allow-query { localhost; };
allow-query-cache { localhost; };
- // Enable/disable recursion - recursion yes/no;
+ /* Enable/disable recursion - recursion yes/no;
+
+ - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
+ - If you are building a RECURSIVE (caching) DNS server, you need to enable
+ recursion.
+ - If your recursive DNS server has a public IP address, you MUST enable access
+ control to limit queries to your legitimate users. Failing to do so will
+ cause your server to become part of large scale DNS amplification
+ attacks. Implementing BCP38 within your network would greatly
+ reduce such attack surface
+ */
recursion yes;
/* DNSSEC related options. See information about keys ("Trusted keys", bellow) */
diff --git a/sources b/sources
index 5d34cc6..476a071 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
f26d0098e96214256cfa2b1b745a8011 bind-9.9.3rc1.tar.gz
-cb4a8ddb193f69b5643a6ae918596fc9 config-10.tar.bz2
+d64062a182bf71dbcae7b2e2fe2cd55b config-11.tar.bz2
generated by cgit (git 2.34.1) at 2026-01-09 22:36:45 +0000