Full Disclosure mailing list archives

Re: recursive DNS issue


From: Bruno Wolff III <bruno () wolff to>
Date: Wed, 3 Mar 2004 10:27:26 -0600

On Wed, Mar 03, 2004 at 14:54:38 +1100,
  omifix omnifix <omnifix2001 () yahoo com au> wrote:
> can anybody explain to me what the problem is when my
> external DNS server supports recursive DNS queries?

This allows simpler software and configuration so that there is less likely
to be a security problem.

> People are telling me that a DNS server is prone to
> cache poisoning when recursive DNS queries are
> supported.

You shouldn't be using a cache that doesn't discard out-of-zone glue or one
that makes recursive requests to untrusted DNS servers. This is going to be
a problem whether or not you combine a cache with a publishing server.
It may make things worse in that besides possibly hosing internal lookups,
you might also screw up the information about your domains given to other
people.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
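
The out-of-zone glue check mentioned in the reply above, sketched as an added example that is not part of the original post or of any particular resolver's code. The function names and the sample records are constructed for illustration; a cache applying this rule keeps only records whose owner name falls inside the zone the answering server was queried for.

```python
"""Bailiwick filter: drop records a server has no authority to assert."""

def labels(name):
    """Split a DNS name into lower-cased labels, ignoring the trailing root dot."""
    name = name.rstrip(".").lower()
    return name.split(".") if name else []

def in_bailiwick(owner, zone):
    """True if owner equals zone or is a subdomain of it.

    The comparison is label-wise, so 'badexample.net' is NOT inside
    'example.net' even though it ends with the same characters.
    """
    o, z = labels(owner), labels(zone)
    return len(o) >= len(z) and o[len(o) - len(z):] == z

def filter_response(zone, records):
    """Split records from a reply by zone's servers into (kept, discarded).

    records: iterable of (owner, rtype, rdata) tuples taken from the
    authority and additional sections of the reply.
    """
    kept, discarded = [], []
    for rec in records:
        (kept if in_bailiwick(rec[0], zone) else discarded).append(rec)
    return kept, discarded

# Constructed sample: additional-section records in a reply received from
# a server that was asked about example.net (documentation addresses only).
SAMPLE = [
    ("ns1.example.net.", "A", "192.0.2.53"),      # in zone: usable glue
    ("NS2.Example.NET", "A", "192.0.2.54"),       # in zone: case-insensitive
    ("www.bank.example.", "A", "203.0.113.66"),   # unrelated zone: discard
    ("ns1.badexample.net.", "A", "203.0.113.67"), # suffix look-alike: discard
]

if __name__ == "__main__":
    kept, discarded = filter_response("example.net.", SAMPLE)
    for rec in kept:
        print("cache  ", rec)
    for rec in discarded:
        print("discard", rec)
```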

