On 08.10.09 11:15, Alans wrote: > According to this site (tool) http://recursive.iana.org/ our DNS is > vulnerable (result is: Is recursive, with source port randomization)! It's > an ISP's DNS so yes, recursion is available. What can we do to eliminate the > risk?
the DNS server should provide recursion only for the ISP's customers, which means, IP ranges assigned to the ISP. configure allow-recursion with your IP ranges. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. My mind is like a steel trap - rusty and illegal in 37 states. _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users