ref: c20ae2f4b901128815c1e744e3a2d23256acda84
parent: cf442e829d634703c3a3ec3a81ac9cbc4a7d03ef
author: jrmu <jrmu@cloud9p.org>
date: Wed Jul 31 07:51:06 EDT 2024
Added -L option for dns
--- a/ndb.ms
+++ b/ndb.ms
@@ -18,6 +18,6 @@
To run a caching DNS server, modify /cfg/$sysname/termrc or /cfg/$sysname/cpurc (whichever is appropriate) to include the following:
ndb/dns -rs
-Be aware that there are no access controls to this caching server. This makes the server vulnerable to being used in a DDoS amplification attack using DNS. You will need to firewall off access.
+Be aware that you must include -L to prevent users outside the local network from being able to turn your caching server into an open relay for denial of service amplification attacks. -L provides a crude form of access control. Otherwise, you must firewall off access to prevent becoming an attack vector.