From cbdec4ae46a8a8e25d58e6ac5cf8352b89d4272e Mon Sep 17 00:00:00 2001
From: Peter van Dijk <peter.van.dijk@netherlabs.nl>
Date: Thu, 10 Jul 2014 16:09:42 +0200
Subject: [PATCH] limit AXFR to loopback by default, closes #1287

---
 pdns/common_startup.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pdns/common_startup.cc b/pdns/common_startup.cc
index ccec0ecb4..630348c22 100644
--- a/pdns/common_startup.cc
+++ b/pdns/common_startup.cc
@@ -95,7 +95,7 @@ void declareArguments()
   ::arg().set("load-modules","Load this module - supply absolute or relative path")="";
   ::arg().set("launch","Which backends to launch and order to query them in")="";
   ::arg().setSwitch("disable-axfr","Disable zonetransfers but do allow TCP queries")="no";
-  ::arg().set("allow-axfr-ips","Allow zonetransfers only to these subnets")="0.0.0.0/0,::/0";
+  ::arg().set("allow-axfr-ips","Allow zonetransfers only to these subnets")="127.0.0.0/8,::1";
   ::arg().set("only-notify", "Only send AXFR NOTIFY to these IP addresses or netmasks")="0.0.0.0/0,::/0";
   ::arg().set("also-notify", "When notifying a domain, also notify these nameservers")="";
   ::arg().set("slave-cycle-interval","Reschedule failed SOA serial checks once every .. seconds")="60";
-- 
2.49.0