From: Marco Platania <platania@research.att.com>
Date: Tue, 4 Apr 2017 16:35:22 +0000 (-0400)
Subject: Disallow recursive DNS queries
X-Git-Url: https://gerrit.onap.org/r/gitweb?p=demo.git;a=commitdiff_plain;h=ab4f2ac28193bc7e3994f57043e65c3a145f031b

Disallow recursive DNS queries

Change-Id: Iec14e531448e30ef19b3efb6301100c462860558
Signed-off-by: Marco Platania <platania@research.att.com>
---

diff --git a/boot/bind_options b/boot/bind_options
index d65cc323..0bb67697 100644
--- a/boot/bind_options
+++ b/boot/bind_options
@@ -4,8 +4,8 @@ acl "trusted" {
 options {
         directory "/var/cache/bind";
 
-        recursion yes;                 # enables recursive queries
-        allow-recursion { netmask; };  # allows recursive queries from "trusted” clients i.e. LB only
+        recursion no;                 # enables recursive queries
+        //allow-recursion { netmask; };  # allows recursive queries from "trusted” clients i.e. LB only
         listen-on { dns_ip_addr; };   # ns1 IP address - listen on this address only
         allow-transfer { none; };      # disable zone transfers by default
 
diff --git a/boot/bind_zones b/boot/bind_zones
index 1c0b27e7..73b21583 100644
--- a/boot/bind_zones
+++ b/boot/bind_zones
@@ -64,7 +64,7 @@ vm1.portal.simpledemo.openecomp.org.           IN      A       portal_ip_addr
 c1.vm1.portal.simpledemo.openecomp.org.        IN      A       portal_ip_addr
 c2.vm1.portal.simpledemo.openecomp.org.        IN      A       portal_ip_addr
 
-vm1.aaf.simpledemo.openecomp.org.	IN	A	aaf_ip_addr
+;vm1.aaf.simpledemo.openecomp.org.	IN	A	aaf_ip_addr
 
 vm1.mr.simpledemo.openecomp.org.	IN	A	mr_ip_addr