Public DNS - recursion no - Access to the Internet

Mark Andrews Mark_Andrews at isc.org
Mon Feb 19 21:16:26 UTC 2007


> In article <erclul$2sgj$1 at sf1.isc.org>,
>  Jarek Buczyński <jaro80 at gmail.com> wrote:
> 
> > Threat's growing :) 
> > Below is the next quote:
> > 
> > "If you use multiple nameserver directives, don't use the loopback address!
> > There's a bug in some Berkeley-derived TCP/IP implementations that can cause
> > problems with BIND if the local nameserver is down. The resolver's connected
> > datagram socket won't rebind to a new local address if the local nameserver
> > isn't running, and consequently the resolver sends query packets to the
> > fallback remote nameservers with a source address of 127.0.0.1. When the
> > remote nameservers try to reply, they end up sending the reply packets to
> > themselves."
> 
> I think that bug was fixed at least a decade ago, so it's probably not 
> an important caveat.

	And it is detectable at the application layer.
 
> -- 
> Barry Margolin, barmar at alum.mit.edu
> Arlington, MA
> *** PLEASE post questions in newsgroups, not directly to me ***
> *** PLEASE don't copy me on replies, I'll read them in the group ***
> 
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
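
One way to check for the condition in the quoted passage from the application layer, as an added example that is not part of the original thread or of BIND: it flags a resolv.conf that lists a loopback nameserver alongside others, and uses getsockname() to see which source address a reused UDP socket keeps after falling back. The sample file, addresses and function names are constructed for illustration, IPv4 only, and reading "detectable at the application layer" as a getsockname() check is an assumption.

```python
import ipaddress
import socket

# Constructed sample resolv.conf with the layout the quote warns about.
SAMPLE_RESOLV_CONF = """\
# constructed example
nameserver 127.0.0.1
nameserver 192.0.2.53
nameserver 198.51.100.53
"""

def parse_nameservers(text):
    """Return nameserver addresses in file order, ignoring comments."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def risky_config(servers):
    """True when a loopback server is listed together with other servers."""
    loop = [s for s in servers if ipaddress.ip_address(s).is_loopback]
    return bool(loop) and len(servers) > 1

def stale_loopback_source(local, remote):
    """True when a query to a non-loopback server would carry a loopback source."""
    return (ipaddress.ip_address(local).is_loopback
            and not ipaddress.ip_address(remote).is_loopback)

def check_fallback(first, fallback, port=53):
    """Connect one UDP socket to `first`, then to `fallback`, as a resolver
    reusing its socket would. UDP connect() sends no packets. Returns
    (local_addr, is_stale), or None if the host cannot route to an address."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        try:
            s.connect((first, port))
            s.connect((fallback, port))
        except OSError:
            return None
        local = s.getsockname()[0]
    return local, stale_loopback_source(local, fallback)

if __name__ == "__main__":
    ns = parse_nameservers(SAMPLE_RESOLV_CONF)
    print("nameservers:", ns, "risky:", risky_config(ns))
    for remote in ns[1:]:
        print(remote, check_fallback(ns[0], remote))
```
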


