Re: Differences between 9.3 and later versions

> On Feb 23 2010, Matus UHLAR - fantomas wrote: >> since 9.5, the default for allow-recursion is { localhost; localnets; >> }; previous versions used iirc { all; }; On 23.02.10 16:48, Chris Thompson wrote: > Actually, that change was made in 9.4. (Some of the cross-inheritance of > the different

Re: Differences between 9.3 and later versions

In message <20100223145337.c0rua.72226.r...@cdptpa-web25-z02>, jcarrol...@cfl.r r.com writes: > Please do not crucify me. > > Due to an security audit I have been given the task of upgrading our BIND fro > m 9.3 to a new version (9.7 is preferred). Using the package from sunfreeware > .com (Solar

Re: Differences between 9.3 and later versions

On Feb 23 2010, Matus UHLAR - fantomas wrote: since 9.5, the default for allow-recursion is { localhost; localnets; }; previous versions used iirc { all; }; Actually, that change was made in 9.4. (Some of the cross-inheritance of the different query-* access controls wasn't there until 9.4.2,

Re: Differences between 9.3 and later versions

On 23.02.10 09:53, jcarrol...@cfl.rr.com wrote: > Due to an security audit I have been given the task of upgrading our BIND > from 9.3 to a new version (9.7 is preferred). Using the package from > sunfreeware.com (Solaris 10/X86) the upgrade seem to work well. However, > whenever someone tries to n

Summary: Differences between 9.3 and later versions

This mailing list rocks. Many thanks to Stephane Bortzmeyer and Jay Ford. Both where spot on with "allow-query". Now BIND 9.7 resolves to the outside. JC jcarrol...@cfl.rr.com wrote: > Please do not crucify me. > > Due to an security audit I have been given the task of upgrading our BIN

Re: Differences between 9.3 and later versions

On Tue, 23 Feb 2010, jcarrol...@cfl.rr.com wrote: Due to an security audit I have been given the task of upgrading our BIND from 9.3 to a new version (9.7 is preferred). Using the package from sunfreeware.com (Solaris 10/X86) the upgrade seem to work well. However, whenever someone tries to nsl

Re: Differences between 9.3 and later versions

On Tue, Feb 23, 2010 at 09:53:37AM -0500, jcarrol...@cfl.rr.com wrote a message of 9 lines which said: > However, whenever someone tries to nslookup (or dig) an external > site (i.e. cnn.com) they get REFUSED. If I back down to the 9.3 > version all is well. allow-query and allow-query-cache

Differences between 9.3 and later versions

Please do not crucify me. Due to an security audit I have been given the task of upgrading our BIND from 9.3 to a new version (9.7 is preferred). Using the package from sunfreeware.com (Solaris 10/X86) the upgrade seem to work well. However, whenever someone tries to nslookup (or dig) an extern