Full Disclosure mailing list archives
Re: recursive DNS issue
From: Bruno Wolff III <bruno () wolff to>
Date: Wed, 3 Mar 2004 10:27:26 -0600
On Wed, Mar 03, 2004 at 14:54:38 +1100, omifix omnifix <omnifix2001 () yahoo com au> wrote:
can anybody explain me what the problem is when my external DNS server supports recursive DNS queries?
This allows simpler software and configuration so that there is less likely to be a security problem.
People are telling me that a DNS server is prone to cache poisoning when recursive DNS queries are supported.
You shouldn't be using a cache that doesn't discard out of zone glue or one that makes recursive requests to untrusted dns servers. This is going to be a problem whether or not you combine a cache with a publishing server. It may make things worse in that besides possibly hosing internal lookups, you might also screw up the information about your domains given to other people. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- recursive DNS issue omifix omnifix (Mar 02)
- Re: recursive DNS issue Bruno Wolff III (Mar 03)
- Re: [Plugins-writers] recursive DNS issue Paul Johnston (Mar 04)
- Re: [Plugins-writers] recursive DNS issue John Lampe (Mar 04)