Bind 8 hardening {Scanned}

SW wppiphoto at
Thu Dec 30 21:07:26 UTC 2004

Hi Peter,

>> Slave /etc/named.conf:
> As a non-dns issue but still importent ; you should not use
> ip, it's unassigned and will very likley hit
> you in the future.  Use "real" assigned ones or rfc-1918 ones.

The ip address of is not my 'real' ip address but I used it 
to post here to the public. My real ip address is a valid one.

>     allow-recursion { internal; };
>     recursion no;

Also, I had to remove the 'recursion no' from my /etc/named.conf because I 
was not able to access the Internet from lan so not sure if the 
'allow-recursion' will take care of not allowing people from outside to use 
my name server?

> acl internal { 192.168.100/24; 100.168.100/24; };

I also changed the above to only have the 100.168.100/24 ip block (btw, this 
is not my real ip address...just use this for posting to here).



-------------------------------------------------        |        WPPi.Net
-------------------------------------------------   |
------------------------------------------------- & WPPi.Net MailScanner Signature
This message has been scanned for viruses
and dangerous content by WPPi MailScanner,
and has been found to be clean.

More information about the bind-users mailing list