Date: Sat, 08 Nov 2008 18:57:29 +0000
From: Dogsbody <dan (at mark) dogsbody.org>
Subject: [coba-e:14280] Re: Cache snooping attacks, bind
To: coba-e (at mark) bluequartz.org
Message-Id: <4915E119.3070304 (at mark) dogsbody.org>
In-Reply-To: <C8374F0143A34A7EB0E269FE54BE12F4@OfficeKen>
References: <490F2542.3040509 (at mark) rainstormconsulting.com> <491029C1.30503 (at mark) dogsbody.org> <49142FC2.4050303 (at mark) rainstormconsulting.com> <C8374F0143A34A7EB0E269FE54BE12F4 (at mark) OfficeKen>
X-Mail-Count: 14280

>> I am reposting to see if anyone can help. Can BIND be upgraded to
>> 9.4.1-P1 without issue/conflict with the GUI?
>>
>> We really need the 'allow-query-cache' option to maintain PCI
>> compliance and this is not available until the 9.4.1-P1 release.
>
> All you need to do is not allow recursion for IPs outside your network.
> For example my /var/named/chroot/etc/named.conf begins with:

If that's the case then you can set that in the GUI! Just in case you
didn't know :-)

Dan
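
An added example, not part of the thread and not BlueQuartz code: a small Python audit that reads a named.conf and reports whether recursion or cached answers are open beyond a trusted ACL, which is the exposure behind cache snooping. The two sample configs, the `trusted` ACL name and the 192.0.2.0/24 prefix are constructed, and the parser assumes flat (non-nested) address match lists.

```python
import re

# Constructed sample configs for illustration; not taken from the thread.
OPEN_CONF = '''
options {
    directory "/var/named";   // recursion defaults to yes
    allow-recursion { any; };
};
'''
RESTRICTED_CONF = '''
acl trusted { 127.0.0.1; 192.0.2.0/24; };   /* documentation prefix */
options {
    recursion yes;
    allow-recursion { trusted; };
    allow-query-cache { trusted; };
};
'''

def options_block(conf):
    """Return the body of the options { ... } statement, comments removed."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    conf = re.sub(r"(//|#)[^\n]*", "", conf)
    m = re.search(r"\boptions\s*\{", conf)
    if not m:
        return ""
    depth = 1
    for i in range(m.end(), len(conf)):
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        if depth == 0:
            return conf[m.end():i]
    return conf[m.end():]

def match_list(block, name):
    """Elements of a flat address match list, or None if the option is absent."""
    m = re.search(r"(?<![\w-])" + re.escape(name) + r"\s*\{([^{}]*)\}", block)
    return None if m is None else [e.strip() for e in m.group(1).split(";") if e.strip()]

def audit(conf):
    """List settings that leave recursion or cached answers open to outside clients."""
    block = options_block(conf)
    findings = []
    recursion_off = re.search(r"(?<![\w-])recursion\s+no\s*;", block) is not None
    # With recursion disabled, only the cache ACL is still worth checking.
    names = ["allow-query-cache"] if recursion_off else ["allow-recursion", "allow-query-cache"]
    for name in names:
        acl = match_list(block, name)
        if acl is None:
            findings.append(name + ": not set, version default applies")
        elif "any" in acl:
            findings.append(name + ": open to any")
    return findings
```

An empty list from `audit()` means both options are set explicitly and neither contains `any`; on a BIND older than the release named above, `allow-query-cache` is not accepted and only the `allow-recursion` result applies.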