From: Walter Hop <walter@lifeforms.nl>
Date: Thu, 15 Jun 2017 16:47:44 +0000 (+0200)
Subject: howtos: avoid unrestricted recursive resolution in 4.0.x ALIAS example
X-Git-Tag: rec-4.1.0-alpha1~74^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F5417%2Fhead;p=thirdparty%2Fpdns.git

howtos: avoid unrestricted recursive resolution in 4.0.x ALIAS example
---

diff --git a/docs/markdown/authoritative/howtos.md b/docs/markdown/authoritative/howtos.md
index e5d985f291..2085bf52e2 100644
--- a/docs/markdown/authoritative/howtos.md
+++ b/docs/markdown/authoritative/howtos.md
@@ -187,10 +187,11 @@ expand-alias=yes
 
 **note**: If `resolver` is unset, ALIAS expension is disabled!
 
-**note**: In PowerDNS Authoritative Server 4.0.x, the setting [`recursor`](settings.md#recursor) is used instead, and you should omit the [`expand-alias`](settings.md#expand-alias) setting:
+**note**: In PowerDNS Authoritative Server 4.0.x, the setting [`recursor`](settings.md#recursor) is used instead, and you should omit the [`expand-alias`](settings.md#expand-alias) setting. Note that setting [`recursor`](settings.md#recursor) will allow recursive queries to all clients by default, which you likely do not want for security reasons, so you should restrict this:
 
 ```
 recursor=[::1]:5300
+allow-recursion=::1, 127.0.0.1
 ```
 
 Then add the ALIAS record to your zone apex. e.g.: