bind: how to accept authoritative answers only?
Andre Dietisheim
dietisheim at gmx.net
Sat Jan 27 08:42:36 UTC 2001
I tried to figure out how to configure bind (on my TSL1.2) to accept
authoritative answers only, but I didn't succeed.
This should help against IP-Spoofing as named wouldn't accept answers from a
hijacked cache that is used to spoof addresses. DJBDNS (Bernstein stuff)
behaves that way, and I would have liked to configure bind to work that way.
'allow-recursion {none;}' (named.conf) doesn't seem to help as far as I know,
because it only deals with the behaviour towards recursive client queries.
That configuration would result in named only being queryable
non-recursively, which usual clients do not support (e.g. squid on the same
machine).
Any ideas?
Thanks in advance