DNS cache poisoning - am I safe if I limit recursion to trusted local networks?

tale d.lawrence at salesforce.com
Wed Dec 29 18:24:46 UTC 2021


On Wed, Dec 29, 2021 at 5:31 AM Danilo Godec via bind-users
<bind-users at lists.isc.org> wrote:
> I have an authoritative DNS server for a domain, but I was also going to
> use the same server as a recursive DNS for my internal network, limiting
> recursion by the IP. Apparently, this is a bad idea that can lead to
> cache poisoning...

In short, no, this configuration with a BIND 9 server does not
increase your risk of cache poisoning any more than running your local
server in pure recursive mode.  I'm curious to hear more from the
source that has given you this impression.  I suspect there were some
additional qualifications that don't align with what you've described.

-- 
tale
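
Added example, not part of the original message or of either poster's configuration: a `named.conf` fragment for the setup under discussion, one BIND 9 server that is authoritative for a zone and recursive only for internal clients. The ACL name `trusted`, the 192.0.2.0/24 network, the zone `example.com` and the file paths are assumed placeholders.

```conf
// Constructed example: names, addresses and paths are placeholders.
acl trusted {
    127.0.0.0/8;
    ::1;
    192.0.2.0/24;                    // placeholder for the internal network
};

options {
    directory "/var/named";          // assumed path
    recursion yes;
    allow-recursion   { trusted; };  // only these clients may ask recursive questions
    allow-query-cache { trusted; };  // only these clients get answers from the cache
    dnssec-validation auto;          // validate signed answers with the built-in trust anchor
};

zone "example.com" {
    type primary;                    // spelled "master" in older releases
    file "example.com.zone";         // assumed file name
    allow-query { any; };            // authoritative data stays publicly answerable
};
```

`named-checkconf` checks the syntax of such a file before the server is reloaded.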

