Message-ID: <20040303162726.GA10251@wolff.to>
From: bruno at wolff.to (Bruno Wolff III)
Subject: recursive DNS issue

On Wed, Mar 03, 2004 at 14:54:38 +1100,
  omifix omnifix <omnifix2001@...oo.com.au> wrote:
> Can anybody explain to me what the problem is when my
> external DNS server supports recursive DNS queries?

This allows simpler software and configuration so that there is less likely
to be a security problem.

> People are telling me that a DNS server is prone to
> cache poisoning when recursive DNS queries are
> supported.

You shouldn't be using a cache that doesn't discard out-of-zone glue or one
that makes recursive requests to untrusted DNS servers. This is going to be
a problem whether or not you combine a cache with a publishing server.
It may make things worse in that besides possibly hosing internal lookups,
you might also screw up the information about your domains given to other
people.
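
The out-of-zone glue check mentioned in the message above, as an added example that is not part of the original post: a simplified model in which records are plain tuples and the cache knows which zone the queried server was delegated for. The function names and the sample records are constructed for illustration.

```python
# Added illustration: discard records that fall outside the bailiwick of
# the server that sent them. Records are (owner, type, rdata) tuples.

def labels(name):
    """Split a domain name into lower-case labels, ignoring the root dot."""
    name = name.lower().rstrip(".")
    return name.split(".") if name else []

def in_bailiwick(name, zone):
    """True if name is the zone apex or a subdomain of it.

    Comparison is label by label, so 'notexample.com' does not match
    'example.com' the way a naive string suffix test would."""
    n, z = labels(name), labels(zone)
    return len(z) <= len(n) and n[len(n) - len(z):] == z

def filter_glue(server_zone, records):
    """Return (accepted, discarded) for a response from a server that was
    reached through the delegation for server_zone (assumed known)."""
    accepted, discarded = [], []
    for rec in records:
        owner = rec[0]
        (accepted if in_bailiwick(owner, server_zone) else discarded).append(rec)
    return accepted, discarded

# Constructed sample response from a server delegated for example.com.
SAMPLE_RESPONSE = [
    ("example.com", "NS", "ns1.example.com"),
    ("example.com", "NS", "ns.example.net"),
    ("ns1.example.com", "A", "192.0.2.53"),     # in-zone glue: cacheable
    ("ns.example.net", "A", "198.51.100.7"),    # out-of-zone glue: discard
    ("notexample.com", "A", "203.0.113.66"),    # look-alike suffix: discard
    ("www.example.org", "A", "203.0.113.67"),   # unrelated name: discard
]

if __name__ == "__main__":
    kept, dropped = filter_glue("example.com", SAMPLE_RESPONSE)
    for rec in kept:
        print("cache  ", rec)
    for rec in dropped:
        print("discard", rec)
```

A discarded name server address is not lost: the cache resolves `ns.example.net` itself, starting from servers it already trusts for that name.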

