Security Question
Barry Margolin
barmar at alum.mit.edu
Wed Jul 21 21:03:37 UTC 2004
In article <cdmj90$25no$1 at sf1.isc.org>, tnaves at linkwest.net wrote:
> I was reading some stuff by Microsoft on split dns. They insist that a
> dns server on a private network should never use a root hints file but
> should always forward to the dns server at you ISP.
>
> What do you all think about this? Is it safe to use root hints from a
> private network behind a firewall or should you always forward?
As long as your local DNS server is running a version of BIND that's
resistent to cache poisoning attacks, you should be fine using root
hints.
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
More information about the bind-users
mailing list