Include recursion Warning in named.conf and named.conf.sample (#740894)

Signed-off-by: Tomas Hozza <thozza@redhat.com>

.gitignore

@@ -31,3 +31,4 @@ bind-9.7.2b1.tar.gz
 /config-10.tar.bz2
 /bind-9.9.2-P2.tar.gz
 /bind-9.9.3rc1.tar.gz
+/config-11.tar.bz2

bind.spec

@@ -26,7 +26,7 @@ Summary:  The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
 Name:     bind
 License:  ISC
 Version:  9.9.3
-Release:  0.4.%{PREVER}%{?dist}
+Release:  0.5.%{PREVER}%{?dist}
 Epoch:    32
 Url:      http://www.isc.org/products/BIND/
 Buildroot:%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -781,6 +781,9 @@ rm -rf ${RPM_BUILD_ROOT}
 %endif
 
 %changelog
+* Fri May 03 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.3-0.5.rc1
+- Include recursion Warning in named.conf and named.conf.sample (#740894)
+
 * Thu May 02 2013 Tomas Hozza <thozza@redhat.com> 32:9.9.3-0.4.rc1
 - Fix zone2sqlite to quote table names when creating/dropping/inserting (#919417)
 

named.conf.sample

@@ -46,7 +46,17 @@ options
 	allow-query		{ localhost; };
 	allow-query-cache	{ localhost; };
 
-	// Enable/disable recursion - recursion yes/no;
+	/* Enable/disable recursion - recursion yes/no;
+
+	 - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
+	 - If you are building a RECURSIVE (caching) DNS server, you need to enable 
+	   recursion. 
+	 - If your recursive DNS server has a public IP address, you MUST enable access 
+	   control to limit queries to your legitimate users. Failing to do so will
+	   cause your server to become part of large scale DNS amplification 
+	   attacks. Implementing BCP38 within your network would greatly
+	   reduce such attack surface 
+	 */
 	recursion yes;
 
 	/* DNSSEC related options. See information about keys ("Trusted keys", bellow) */

sources

@@ -1,2 +1,2 @@
 f26d0098e96214256cfa2b1b745a8011  bind-9.9.3rc1.tar.gz
-cb4a8ddb193f69b5643a6ae918596fc9  config-10.tar.bz2
+d64062a182bf71dbcae7b2e2fe2cd55b  config-11.tar.bz2