[Pdns-dev] allow-axfr-ips
Norbert Sendetzky
norbert at linuxnetworks.de
Mon Aug 4 12:12:20 CEST 2003
Hi Bert

I've attached a patch to adapt the description of allow-axfr-ips to
the new behaviour.

Furthermore I've seen that for disable-axfr two options are defined:

- arg().set("disable-axfr","Do not allow zone transfers")="no";
- arg().setSwitch("disable-axfr","Disable zonetransfers but do allow TCP queries")="no";

Why?

Shouldn't we either set disable-axfr=yes or set
allow-axfr-ips=127.0.0.1 by default for security reasons? Maybe
somebody could use AXFR requests of large zones to produce denial of
service attacks.

Norbert
-------------- next part --------------
A non-text attachment was scrubbed...
Name: allow_axfr_ips.diff
Type: text/x-diff
Size: 738 bytes
Desc: not available
Url : http://mailman.powerdns.com/pipermail/pdns-dev/attachments/20030804/c8c21641/allow_axfr_ips.bin