blob: d235da680a2f1d8cd85aa2ff0ef44e5e4235f410 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
|
bind9 (1:9.4.0-1) experimental; urgency=low
As of bind 9.4, allow-query-cache and allow-recursion default to the
builtin acls 'localnets' and 'localhost'. If you are setting up a
name server for a network, you will almost certainly need to change
this.
The change in default has been done to make caching servers less
attractive as reflective amplifying targets for spoofed traffic.
This still leaves authoritative servers exposed.
The best fix is for full BCP 38 deployment to remove spoofed traffic.
-- LaMont Jones <lamont@debian.org> Wed, 03 Oct 2007 00:52:44 -0600
|
