cache server allow-recursion no problem?
WebReactor Networks
bind at webreactor.net
Tue Mar 12 17:02:43 UTC 2002
David:
There is a good paper at < http://rr.sans.org/firewall/DNS_spoof.php > which
explains DNS spoofing. By allowing external IPs to issue recursive queries
you allow an attacker to potentially "poison" your cache.
- John R. S.
> From: xiao at info.sta.net.cn (David Xiao)
> Organization: http://groups.google.com/
> Newsgroups: comp.protocols.dns.bind
> Date: 11 Mar 2002 22:40:33 -0800
> To: comp-protocols-dns-bind at isc.org
> Subject: cache server allow-recursion no problem?
>
>
> someone told me to turn off recursion query on my primary and
> secondary nameserver.They said that may cause DNS Spoofing Attack.
>
> but they told me to allow-recursion on my cache server.So my dial-up
> clients can query other domains.
> Doesn't cache server cause DNS Spoofing Attack?
> What is DNS Spoofing Attack?
>
> thank you!
>
>
More information about the bind-users
mailing list