Subject: Re: NetBSD Security Advisory 2006-022: BIND recursive query and SIG query processing
To: Ben Collver <collver@peak.org>
From: Daniel Carosone <dan@geek.com.au>
List: netbsd-users
Date: 09/22/2006 10:09:08
--Nfdvbq9Sp0FyoZ+m
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Sep 22, 2006 at 09:56:44AM +1000, Daniel Carosone wrote:
> On Thu, Sep 21, 2006 at 02:54:43PM -0700, Ben Collver wrote:
> > > options {
> > >         directory "/etc/namedb";
> > >         allow-recursion { 1.2.3.4/24; 127.0.0.1/32; ::1; };
> > > };
> >=20
> > I tried this workaround on NetBSD 3.0 and named refused to stop..
> >=20
> > Sep 21 14:46:13 coldsteel named[24397]: /etc/named.conf:40: unknown opt=
ion 'allow-recursion'
>=20
> Oops. Sorry about that, and thanks for the heads up.. does anyone know
> offhand what the equivalent older form of this option is, or was it
> only introduced more recently?

For the benefit of the wider readership:=20

After some further clarification, this was user error.  The
instructions are correct for 3.0, as I very much expected them to be.
The problem was that the option must be placed in the options section,
as in the example, not in a zone section.

--
Dan.
--Nfdvbq9Sp0FyoZ+m
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (NetBSD)

iD8DBQFFEymkEAVxvV4N66cRAhzuAJ9GtGy83MDrfwE9HQaZ3xRpSzq6QgCg4x1e
XCYw6CW5AhZXcgtiJ10ml5A=
=X6nh
-----END PGP SIGNATURE-----

--Nfdvbq9Sp0FyoZ+m--