Thanks for that, and my problem is now solved - I found the example @ http://support.menandmice.com/jforum/posts/list/25.page
I understand what the issue was now and yes, I was relying on the old default.

Thing is, while I understand that running an open query DNS server is not an ideal situation, I am not sure (assuming you are prepared to deal with the bandwidth) what the actual problem is. I understand the issue of the current security breach and the poisoning attack against certain implementations of the DNS daemon, but assuming you are running the latest safest version, is there anything actually wrong with running an open DNS server?

...Skeeve

-----Original Message-----
From: Chris Buxton [mailto:[EMAIL PROTECTED]
Sent: Saturday, 26 July 2008 3:37 PM
To: [EMAIL PROTECTED]
Cc: [email protected]
Subject: Re: Basic Question re Security issue

What version of BIND did you upgrade from? If it was BIND 9.3.x or earlier, then I think you have not created an allow-recursion statement - you've been relying on the default of:

options {
    allow-recursion { any; };
};

The new default is:

options {
    allow-recursion { localhost; localnets; };
};

You probably just need to open that back up somewhat. Please do not return your config to using an allow-recursion ACL of { any; }. Keep it as limited as you can while allowing those you must allow.

Chris Buxton
Professional Services
Men & Mice

On Jul 25, 2008, at 7:27 PM, Skeeve Stevens wrote:

> OK, I upgraded to the latest binds (tried latest 9.4 and 9.5) and the
> compatibility with my current 9.4 config file seemed fine, except
> recursion broke.
>
> So.. for a quick explanation here.
>
> After we have the latest safe code, what config changes should we be
> making for everything to be ok?
>
> .Skeeve
>
> --
> Skeeve Stevens, RHCE
> [EMAIL PROTECTED] / www.skeeve.org
> Cell +61 (0)414 753 383 / skype://skeeve
>
> eintellego - [EMAIL PROTECTED] - www.eintellego.net
> --
> I'm a groove licked love child king of the verse
> Si vis pacem, para bellum
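
Added example, not part of the original thread and not Men & Mice or ISC code: a small Python check that reports whether a named.conf leaves recursion open, using the two defaults quoted in the reply above. The function names and sample configs are constructed for illustration; it reads only the global options block and ignores view blocks and any other option that may affect who can recurse.

```python
import re

# Defaults as stated in the thread above.
OLD_DEFAULT = ["any"]                      # BIND 9.3.x or earlier
NEW_DEFAULT = ["localhost", "localnets"]   # newer releases
MATCH_ALL = {"any", "0.0.0.0/0", "::/0"}   # ACL elements that match every client

def strip_comments(text):
    """Drop /* */, // and # comments (all three are valid in named.conf)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def block_body(text, keyword):
    """Return the text between the braces that follow `keyword`, else None."""
    m = re.search(r"\b" + re.escape(keyword) + r"\s*\{", text)
    if not m:
        return None
    depth = 1
    for i in range(m.end(), len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[m.end():i]
    return None  # unbalanced braces

def audit_recursion(conf_text, legacy_default=False):
    """Return (verdict, acl_entries, explicit) for the global options block."""
    options = block_body(strip_comments(conf_text), "options") or ""
    acl = block_body(options, "allow-recursion")
    if acl is None:   # no statement: the server's built-in default applies
        entries = OLD_DEFAULT if legacy_default else NEW_DEFAULT
    else:
        entries = [e.strip() for e in acl.split(";") if e.strip()]
    verdict = "open" if MATCH_ALL & set(entries) else "restricted"
    return verdict, entries, acl is not None

# Constructed sample configs, not taken from the thread.
IMPLICIT = 'options { directory "/var/named"; };'
LIMITED = """options {
    allow-recursion { localhost; localnets; 192.0.2.0/24; };  // trusted clients
};"""

if __name__ == "__main__":
    for name, conf, legacy in [("implicit, old BIND", IMPLICIT, True),
                               ("implicit, new BIND", IMPLICIT, False),
                               ("explicit ACL", LIMITED, False)]:
        print(name, "->", audit_recursion(conf, legacy))
```

The same config with no allow-recursion statement is reported as open under the old default and restricted under the new one, which is the behaviour change described in the thread.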
