From: Peter van Dijk
Date: Thu, 10 Jul 2014 14:09:42 +0000 (+0200)
Subject: limit AXFR to loopback by default, closes #1287
X-Git-Tag: auth-3.4.0-rc1~89
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=cbdec4ae46a8a8e25d58e6ac5cf8352b89d4272e;p=thirdparty%2Fpdns.git

limit AXFR to loopback by default, closes #1287
---

diff --git a/pdns/common_startup.cc b/pdns/common_startup.cc
index ccec0ecb4d..630348c22e 100644
--- a/pdns/common_startup.cc
+++ b/pdns/common_startup.cc
@@ -95,7 +95,7 @@ void declareArguments()
 ::arg().set("load-modules","Load this module - supply absolute or relative path")="";
 ::arg().set("launch","Which backends to launch and order to query them in")="";
 ::arg().setSwitch("disable-axfr","Disable zonetransfers but do allow TCP queries")="no";
- ::arg().set("allow-axfr-ips","Allow zonetransfers only to these subnets")="0.0.0.0/0,::/0";
+ ::arg().set("allow-axfr-ips","Allow zonetransfers only to these subnets")="127.0.0.0/8,::1";
 ::arg().set("only-notify", "Only send AXFR NOTIFY to these IP addresses or netmasks")="0.0.0.0/0,::/0";
 ::arg().set("also-notify", "When notifying a domain, also notify these nameservers")="";
 ::arg().set("slave-cycle-interval","Reschedule failed SOA serial checks once every .. seconds")="60";
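Review bot: The new loopback-only default on the `allow-axfr-ips` line takes effect silently on upgrade, and nothing in the hunk records why or warns the operator. An installation that never set the option was answering AXFR from any address and will now refuse its secondaries. I would add a comment above the line, such as `// default is loopback only: AXFR discloses the whole zone, so secondaries must be listed explicitly`, and extend the help string to `"Allow zonetransfers only to these subnets (default: loopback only)"`. This diff does not show whether the upgrade notes or the shipped sample configuration mention the change, so that is worth confirming before release. declareArguments() starts and ends outside the hunk.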