[linux-elitists] WashPost article (was Re: sobig.f: Microsoft Windows virus, not computer virus)

Nick Moffitt nick@zork.net
Mon Aug 25 16:38:57 PDT 2003


begin  Karsten M. Self  quotation:
> BIND is in far worse shape, and the alternatives are far fewer.

Fortunately I learned a degree of BIND paranoia from Richard Couture.
Can anyone here help improve on this named.conf?

options {
        directory "/var/cache/bind";
        named-xfer              "/usr/sbin/named-xfer";
        dump-file               "/var/log/named_dump.db";
        memstatistics-file      "/var/log/named.memstats";
        pid-file                "/var/run/named.pid";
        statistics-file         "/var/log/named.stats";
        auth-nxdomain           yes;
        deallocate-on-exit      no;
        fake-iquery             no;
        fetch-glue              yes;
        host-statistics         no;
        multiple-cnames         no;
        notify                  yes;
        recursion               yes;
        check-names             master fail;
        check-names             slave warn;
        check-names             response ignore;
        allow-query             { any; };
        allow-transfer          { 127.0.0.1;  };
        max-transfer-time-in    5;
        transfer-format         one-answer;
        transfers-in            10;
        transfers-out           10;
        transfers-per-ns        2;
        cleaning-interval       60;
        interface-interval      60;
        statistics-interval     60;
};

[actual zones follow]


-- 
Support your droogs!

end



More information about the linux-elitists mailing list