On Thu, Jul 17, 2008 at 12:20:42AM +0800, Eugene Grosbein wrote: > I fully understand and second efforts on educating people > how to configure BIND to be stong to attacks and keep them from using > "query-source address" with "port" option but how about > binding named to particular IP address when host has many of them?
We do such on our authoritative nameservers. The options we use: listen-on { 127.0.0.1; 72.20.106.4; }; query-source address 72.20.106.4; transfer-source 72.20.106.4; notify-source 72.20.106.4; interface-interval 0; use-alt-transfer-source no; -- | Jeremy Chadwick jdc at parodius.com | | Parodius Networking http://www.parodius.com/ | | UNIX Systems Administrator Mountain View, CA, USA | | Making life hard for others since 1977. PGP: 4BD6C0CB | _______________________________________________ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[EMAIL PROTECTED]"