[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] bind and recursion

Subject: Re: [cobalt-users] bind and recursion
From: Gerald Waugh <gwaugh@xxxxxxxxxxxxxxxxxxxxxxx>
Date: Wed Nov 13 13:16:01 2002
Organization: Front Street Networks LLC
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

On Wednesday 13 November 2002 16:00, Jay Summers wrote:
> On Wednesday, November 13, 2002, at 05:41  AM, Gerald Waugh wrote:
> > To fix bind for yur nameservers using allow-recursion be careful not to
> > use
> > allow-recursion no
> > or
> > allow-recursion { none; };
> > use
> > allow-recursion { ip.ad.re.ss1; ip.ad.re.ss2 };
> >
> > Sendmail and DNS are two services that need to use recursive lookups.
> > So the ipaddress of the server at least should be allowed recursion
>
> Gerald,
>
> Correct me if I'm wrong, but wouldn't you want to put localhost or
> 127.0.0.1 for Sendmail and DNS or would you just want to use the
> regular IP address of the server? Is there a difference? Please
> clarify. Thanks.
>

I have been running for many hours with the server ip addresses with no 
problem. But I do understand the question, it may be that 127.0.0.1 would be 
"less" exploitable.

It's fast to test, put it in there do an 
`ncd reload; tail -f  /var/log/messages`
Then try and send an email
Or better yet let someone else try and send you an email.

-- 
Gerald Waugh 
http://frontstreetnetworks.com         http://raqware.com
Front Street Networks LLC   Phone: +1 203 785 0699
229 Front Street, Ste. C, New Haven CT 06513-3203

References:
- Re: [cobalt-users] bind and recursion
  - From: Jay Summers

Prev by Date: Re: [cobalt-users] bind and recursion
Next by Date: Re: [cobalt-users] bind and recursion
Previous by thread: Re: [cobalt-users] bind and recursion
Next by thread: Re: [cobalt-users] bind and recursion

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index