[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: bruno at wolff.to (Bruno Wolff III)
Subject: recursive DNS issue
On Wed, Mar 03, 2004 at 14:54:38 +1100,
omifix omnifix <omnifix2001@...oo.com.au> wrote:
> can anybody explain me what the problem is when my
> external DNS server supports recursive DNS queries?
This allows simpler software and configuration so that there is less likely
to be a security problem.
> People are telling me that a DNS server is prone to
> cache poisoning when recursive DNS queries are
> supported.
You shouldn't be using a cache that doesn't discard out of zone glue or one
that makes recursive requests to untrusted dns servers. This is going to be
a problem whether or not you combine a cache with a publishing server.
It may make things worse in that besides possibly hosing internal lookups,
you might also screw up the information about your domains given to other
people.
Powered by blists - more mailing lists