[Pdns-users] query on --out-of-zone-additional-processing

Tom Boland tom at t0mb.net
Fri Feb 11 10:32:45 UTC 2011


Greetings,

This is from the pdns documentation:

"""
out-of-zone-additional-processing | 
--out-of-zone-additional-processing=yes | 
--out-of-zone-additional-processing=no

    Do out of zone additional processing. This means that if a malicious
    user adds a '.com' zone to your server, it is not used for other
    domains and will not contaminate answers. Do not enable this setting
    if you run a public DNS service with untrusted users. Off by default.

"""

My question is this.  The description indicates that setting this to yes 
would prevent malicious use of your public authoritative DNS server with 
untrusted users (such as in our hosting company), but then goes on to 
say that you shouldn't enable this setting if you run a public DNS 
service with untrusted users?  Could someone please clarify this?


Many thanks.  Tom.