Subject: Re: NetBSD Security Advisory 2006-022: BIND recursive query and SIG query processing
To: Ben Collver <>
From: Daniel Carosone <>
List: netbsd-users
Date: 09/22/2006 09:56:44

On Thu, Sep 21, 2006 at 02:54:43PM -0700, Ben Collver wrote:
> > options {
> >         directory "/etc/namedb";
> >         allow-recursion {;; ::1; };
> > };
> I tried this workaround on NetBSD 3.0 and named refused to stop..
> Sep 21 14:46:13 coldsteel named[24397]: /etc/named.conf:40: unknown option 'allow-recursion'

Oops. Sorry about that, and thanks for the heads up.. does anyone know
offhand what the equivalent older form of this option is, or was it
only introduced more recently?  If so, we should probably look at
upgrading 3.0's bind to include the ability to restrict this.  There
are plenty of other ways to get screwed without it (traffic
amplification attacks, at least).
