Our DNS is vulnerable --need help

Matus UHLAR - fantomas uhlar at fantomas.sk
Thu Oct 8 08:40:54 UTC 2009


On 08.10.09 11:15, Alans wrote:
> According to this site (tool) http://recursive.iana.org/ our DNS is
> vulnerable (result is: Is recursive, with source port randomization)! It's
> an ISP's DNS so yes, recursion is available. What can we do to eliminate the
> risk?

the DNS server should provide recursion only for the ISP's customers, which
means, IP ranges assigned to the ISP.

configure allow-recursion with your IP ranges.
-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
My mind is like a steel trap - rusty and illegal in 37 states. 



More information about the bind-users mailing list