mirror of
https://github.com/SebastianWendel/nixpkgs.git
synced 2024-09-21 04:49:01 +02:00
bind: Expand description of services.bind.cacheNetworks
The new description should give a clearer understanding of when to edit the option. I used NixOS to set up a DNS server that is authoritative for certain zones. The description of the `cacheNetworks` option made me think I needed to set it to `"any"` to allow people to query the zone I set up. Reading the source of the module would have clarified my understanding, but at the time I just read the description and thought little of it. Later I discovered I was getting tons of DNS requests and presumably being used for a DNS amplification attack or similar. I have fixed the problem now, but I would like the option to have a clearer description so others don't make the same mistake I did.
parent
943508a7fa
commit
9abc97dc65
|
@ -78,7 +78,11 @@ in
|
|||
cacheNetworks = mkOption {
|
||||
default = ["127.0.0.0/24"];
|
||||
description = "
|
||||
What networks are allowed to use us as a resolver.
|
||||
What networks are allowed to use us as a resolver. Note
|
||||
that this is for recursive queries -- all networks are
|
||||
allowed to query zones configured with the `zones` option.
|
||||
It is recommended that you limit cacheNetworks to avoid your
|
||||
server being used for DNS amplification attacks.
|
||||
";
|
||||
};
|
||||
|
||||
|
|
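Review bot: The added recommendation "limit cacheNetworks to avoid your server being used for DNS amplification attacks" does not name the value that causes the problem. The commit message says the original mistake was setting the option to `"any"` in order to serve an authoritative zone, so the description would be more effective if it said so directly, for example by adding that `"any"` should not be used on a publicly reachable server and that authoritative-only setups can leave the default in place. Two smaller style points in the same added lines: `zones` is in backticks while cacheNetworks is bare, so mark both the same way, and the sentence starting "Note that this is for recursive queries" reads more clearly as its own sentence than joined with "--".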