From ab4f2ac28193bc7e3994f57043e65c3a145f031b Mon Sep 17 00:00:00 2001 From: Marco Platania Date: Tue, 4 Apr 2017 12:35:22 -0400 Subject: [PATCH] Disallow recursive DNS queries Change-Id: Iec14e531448e30ef19b3efb6301100c462860558 Signed-off-by: Marco Platania --- boot/bind_options | 4 ++-- boot/bind_zones | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/boot/bind_options b/boot/bind_options index d65cc323..0bb67697 100644 --- a/boot/bind_options +++ b/boot/bind_options @@ -4,8 +4,8 @@ acl "trusted" { options { directory "/var/cache/bind"; - recursion yes; # enables recursive queries - allow-recursion { netmask; }; # allows recursive queries from "trusted” clients i.e. LB only + recursion no; # enables recursive queries + //allow-recursion { netmask; }; # allows recursive queries from "trusted” clients i.e. LB only listen-on { dns_ip_addr; }; # ns1 IP address - listen on this address only allow-transfer { none; }; # disable zone transfers by default diff --git a/boot/bind_zones b/boot/bind_zones index 1c0b27e7..73b21583 100644 --- a/boot/bind_zones +++ b/boot/bind_zones @@ -64,7 +64,7 @@ vm1.portal.simpledemo.openecomp.org. IN A portal_ip_addr c1.vm1.portal.simpledemo.openecomp.org. IN A portal_ip_addr c2.vm1.portal.simpledemo.openecomp.org. IN A portal_ip_addr -vm1.aaf.simpledemo.openecomp.org. IN A aaf_ip_addr +;vm1.aaf.simpledemo.openecomp.org. IN A aaf_ip_addr vm1.mr.simpledemo.openecomp.org. IN A mr_ip_addr -- 2.16.6
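Review bot: The trailing comment on the new `recursion no;` line in boot/bind_options still reads `# enables recursive queries`, which is now the opposite of what the directive does. Reword it, for example `recursion no; # authoritative-only: recursive queries are refused`. The old `allow-recursion { netmask; };` line is kept as a `//` comment together with its original explanation; deleting it would be cleaner, since uncommenting it alone has no effect while recursion is off. The options block continues outside the hunk, so confirm that nothing further down (a forwarders list, for instance) relies on recursion, because named does not forward queries once recursion is disabled.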
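Review bot: The `vm1.aaf.simpledemo.openecomp.org.` record in boot/bind_zones is disabled with a leading `;`, but neither the zone file nor the commit message says why, and the change is unrelated to the stated purpose of disallowing recursion. If the record is withdrawn on purpose, either remove the line or put the reason beside it, for example `; vm1.aaf disabled: REASON`, so the zone does not accumulate unexplained dead entries. With recursion now off, anything that still looks this name up will presumably get a negative answer from this server rather than a forwarded one, which is worth stating in the commit description.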