problem loading dynamic zone

Alan Clegg alan at clegg.com
Thu Jan 29 15:24:31 UTC 2015


Other people have taken on the question in the Subject: line, so I'll
go off on a different tack and request that you remove the line:

> query-source address * port 53;

from your configuration, and if it is part of a distribution's
named.conf, consider opening a bug ticket with that distribution and
having them remove it from their examples.

By removing the randomization from the query port, you are opening
yourself to all types of mischief by those familiar with the Kaminsky
vulnerability.  If you aren't familiar with it yourself, here's a
guide containing 27 8×10 color glossy pictures with circles and arrows
and a paragraph on the back of each one explaining what each one was
to be used as evidence against us...

  http://unixwiz.net/techtips/iguide-kaminsky-dns-vuln.html

[And as a side note, the missing dot at the end of the Zone statement
is not the problem]

AlanC


More information about the bind-users mailing list