BIND: limiting recursion just might make things harder for spammers
Rick Moen
rick at linuxmafia.com
Mon Nov 18 10:26:55 PST 2002
Quoting Heather Stern (star at starshine.org):
> I've not played with mydns, but the maradns packages for debian come
> with sample configs where zone updates are naturally restricted; it
> used to be that it didn't even *do* recursion, so it might default to
> entirely off.
I've only now started playing with MaraDNS on a secondary machine, but
note the following from the MaraDNS FAQ, http://www.maradns.org/faq.html:
o The main program does recursive and authoritative service.
o Separate module "zoneserver" serves up zones to secondaries. There's
  a tip in FAQ item #23 about ensuring that BIND picks them up.
o Separate module "getzone" receives zones from primaries.
o Recursive queries may not be arriving within the default 2 second
  limit. Add "timeout_seconds = 5" to the mararc file. (Too high,
  and MaraDNS blocks on unreachable nameservers.)
--
Cheers,
Rick Moen
rick at linuxmafia.com

"The front line of defense against such sophisticated viruses is a
continually evolving computer operating system that attracts the
efforts of eager software developers." -- Bill Gates