lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20040303162726.GA10251@wolff.to> From: bruno at wolff.to (Bruno Wolff III) Subject: recursive DNS issue On Wed, Mar 03, 2004 at 14:54:38 +1100, omifix omnifix <omnifix2001@...oo.com.au> wrote: > can anybody explain me what the problem is when my > external DNS server supports recursive DNS queries? This allows simpler software and configuration so that there is less likely to be a security problem. > People are telling me that a DNS server is prone to > cache poisoning when recursive DNS queries are > supported. You shouldn't be using a cache that doesn't discard out of zone glue or one that makes recursive requests to untrusted dns servers. This is going to be a problem whether or not you combine a cache with a publishing server. It may make things worse in that besides possibly hosing internal lookups, you might also screw up the information about your domains given to other people.
Powered by blists - more mailing lists