From 682cc4ce96cf15289ee82e8852e91e47b1c3bd55 Mon Sep 17 00:00:00 2001
From: itojun <itojun@NetBSD.org>
Date: Thu, 23 Mar 2006 13:50:44 +0000
Subject: [PATCH] disable recursion by attackers (yes, attackers do use
 recursion to perform DoS).

---
 etc/named.conf | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/etc/named.conf b/etc/named.conf
index 1cf76d973bb2..ef181e2120eb 100644
--- a/etc/named.conf
+++ b/etc/named.conf
@@ -1,4 +1,4 @@
-# $NetBSD: named.conf,v 1.3 2005/11/29 21:08:13 christos Exp $
+# $NetBSD: named.conf,v 1.4 2006/03/23 13:50:44 itojun Exp $
 
 # boot file for secondary name server
 # Note that there should be one primary entry for each SOA record.
@@ -6,6 +6,7 @@
 options {
 	directory "/etc/namedb";
 	query-source address * port 53;
+	allow-recursion { localhost; localnets; };
 };
 
 zone "." {