[Unbound-users] allowing cache queries but not doing recursion for "foreign" networks
Robert Edmonds
edmonds at debian.org
Mon Feb 16 00:42:24 UTC 2009
Ondřej Surý wrote:
> Here's the problem. You are trying to enforce your view, since it's your current
> problem. But I hope that's never going to happen in Unbound. We are supposed
> to fix up the old wounds and not open them again and again.
> And I think we are really going off topic - this is a more general DNS issue than
> Unbound specific.

what is unbound specific is that unbound answers rd==0 queries which IMO
it should not and which made this entire pointless thread possible.
(dnscache seems to have not suffered for its decision to drop all rd==0
queries on the floor.)

other examples of user stupidity include publishing howtos like this:

    http://www.howtoforge.com/installing-using-unbound-nameserver-on-debian-etch

which recommends the following ACL:

    access-control: 0.0.0.0/0 allow

this one is a bit harder to prevent since really obstinate users can ask
for two /1's or four /2's...

--
Robert Edmonds
edmonds at debian.org
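
An added example, not part of the original message or of Unbound: a small audit script that collapses the IPv4 netblocks allowed by `access-control:` lines, so an ACL split into two /1's or four /2's is reported the same way as a single 0.0.0.0/0. The function names and sample configurations are constructed for illustration, and more specific `refuse`/`deny` carve-outs are not subtracted, so the script can over-report.

```python
import ipaddress

# Unbound access-control actions that let a client query the resolver.
ALLOW_ACTIONS = {"allow", "allow_snoop"}

def allowed_v4(conf_text):
    """Collapse the IPv4 netblocks that access-control lines allow."""
    nets = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line.startswith("access-control:"):
            continue
        fields = line.split(":", 1)[1].split()
        if len(fields) != 2 or fields[1] not in ALLOW_ACTIONS:
            continue
        try:
            net = ipaddress.ip_network(fields[0], strict=False)
        except ValueError:
            continue                              # malformed netblock
        if net.version == 4:
            nets.append(net)
    # Adjacent blocks merge, so two /1s or four /2s become 0.0.0.0/0.
    return list(ipaddress.collapse_addresses(nets))

def allowed_fraction(conf_text):
    """Share of the IPv4 address space the ACL admits (0.0 to 1.0)."""
    return sum(n.num_addresses for n in allowed_v4(conf_text)) / 2**32

def is_open_to_world(conf_text):
    return ipaddress.ip_network("0.0.0.0/0") in allowed_v4(conf_text)

# Constructed sample configurations (not from the thread).
SPLIT_CONF = """
server:
    access-control: 0.0.0.0/2 allow
    access-control: 64.0.0.0/2 allow   # the split the message describes
    access-control: 128.0.0.0/1 allow
"""
LOCAL_CONF = """
server:
    access-control: 0.0.0.0/0 refuse
    access-control: 127.0.0.0/8 allow
    access-control: 192.0.2.0/24 allow
"""

if __name__ == "__main__":
    for name, conf in (("split", SPLIT_CONF), ("local", LOCAL_CONF)):
        print(name, is_open_to_world(conf), f"{allowed_fraction(conf):.6f}")
```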