[Pdns-users] query on --out-of-zone-additional-processing
Tom Boland
tom at t0mb.net
Fri Feb 11 10:32:45 UTC 2011
Greetings,
This is from the pdns documentation:
"""
out-of-zone-additional-processing |
--out-of-zone-additional-processing=yes |
--out-of-zone-additional-processing=no
Do out of zone additional processing. This means that if a malicious
user adds a '.com' zone to your server, it is not used for other
domains and will not contaminate answers. Do not enable this setting
if you run a public DNS service with untrusted users. Off by default.
"""
My question is this. The description indicates that setting this to yes
would prevent malicious use of your public authoritative DNS server with
untrusted users (such as in our hosting company), but then goes on to
say that you shouldn't enable this setting if you run a public DNS
service with untrusted users? Could someone please clarify this?
Many thanks. Tom.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20110211/ddb62321/attachment.html>
More information about the Pdns-users
mailing list