BIND: limiting recursion just might make things harder for spammers

Rick Moen rick at linuxmafia.com
Mon Nov 18 10:26:55 PST 2002


Quoting Heather Stern (star at starshine.org):

> I've not played with mydns, but the maradns packages for debian come 
> with sample configs where zone updates are naturally restricted;  it
> used to be that it didn't even *do* recursion, so it might default to
> entirely off.

I've only now started playing with MaraDNS on a secondary machine, but 
note the following from the MaraDNS FAQ, http://www.maradns.org/faq.html:

o  The main program does recursive and authoritative service.
o  Separate module "zoneserver" serves up zones to secondaries.  There's
   a tip in FAQ item #23 about ensuring that BIND picks them up.
o  Separate module "getzone" receives zones from primaries.
o  Recursive queries may not be arriving within the default 2 second
   limit.  Add "timeout_seconds = 5" to the mararc file.  (Too high,
   and MaraDNS blocks on unreachable nameservers.)

-- 
Cheers,              "The front line of defense against such sophisticated 
Rick Moen            viruses is a continually evolving computer operating 
rick at linuxmafia.com  system that attracts the efforts of eager software
                     developers."  -- Bill Gates         


