Description of problem: Open recursive dns servers are the new scourge of the internet. They are used by botnets to send multi-gigabyte DDOS streams to a third-party victim site. https://www.isc.org/wordpress/is-your-open-dns-resolver-part-of-a-criminal-conspiracy/ The delivered /etc/named.conf file really needs a short note to any newbie admin that they need to take great care to not open up their resolver to the world at large. As it is, all the old-timers know that you aren't supposed to do this, but where is a newbie supposed to find this out? There are mutterings that some Red Hat products (RHEL) might even be delivered with an open resolver as default. Please propagate this bug to the other products if appropriate. Medium severity was chosen only because this is a serious bug that is actively being exploited in the wild, but it does have a config-file runtime work around. Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.
*** This bug has been marked as a duplicate of bug 740894 ***