Re: conf/177607: named.conf comment to slave root suggests poten

The following reply was made to PR conf/177607; it has been noted by GNATS.

From: Mark Knight <markk@knigma.org>
To: Maxim Konovalov <maxim.konovalov@gmail.com>
Cc: bug-followup@freebsd.org
Subject: Re: conf/177607: named.conf comment to slave root suggests potentially
 dangerous BIND configuration
Date: Wed, 03 Apr 2013 15:51:35 +0100

 Thanks for fixing up the Repy-To.

 I stupidly uncommented these lines on a box *assuming* it was safe. Once 
 upon a time responding to root DNS queries wouldn't have been considered 
 a bad thing. However today I received an abuse@ report to thank me for 
 my error. The comment above the stanza doesn't mention the amplifier 
 threat (although it does mention general caution) and appears to offer a 
 good suggestion for improving resilience and reducing net traffic that's 
 "ready to run". Clearly it isn't.

 My rationale was that it's a quick and easy fix and given the recent 
 attacks it was worth giving this a high priority in the name of 
 pro-active security. It's a potential security issue and is therefore 
 serious. Apologies if I've exaggerated the threat.
_______________________________________________
freebsd-bugs@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "freebsd-bugs-unsubscribe@freebsd.org"