Bind open to query from anyone

John Wobus jw354 at cornell.edu
Tue Jan 6 23:52:30 UTC 2009


As you suspect, this is a bad idea.

Those who cannot query the server cannot poison the cache
using the loopholes in the DNS protocol, i.e. put false data in
your nameserver for names like www.google.com, www.yahoo.com, etc.
There can be other impediments to poisoning the cache in this manner,
but simply blocking such queries is an extremely effective way to
totally eliminate a huge number of potential poisoners.

On Jan 5, 2009, at 6:15 AM, Chris Henderson wrote:

> I've set up a secondary name server which works as a secondary or slave
> name server for my zone or domain name. However, I have tested and
> noticed that I can query for non-authoritative answers from my
> secondary or slave name server from outside my network. That is,
> anyone can use my name server to query any host name, e.g. www.google.com,
> www.yahoo.com etc. Is this a bad idea? How can I stop this?
>
> Thanks for any suggestions.
>
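
One way to apply the restriction described in the reply above, as an added example that is not part of the original thread: a `named.conf` fragment that keeps the slave zone answerable by anyone while limiting recursion and cache lookups to known clients. The ACL name, addresses, file path and zone name are placeholders, and `allow-query-cache` assumes BIND 9.4 or later.

```conf
// named.conf fragment (added example; all names and addresses are placeholders)

// Clients allowed to use this server as a resolver.
acl "trusted" {
    localhost;
    localnets;
    192.0.2.0/24;            // assumed internal client range
};

options {
    recursion yes;

    // Weak setting this replaces:
    //   allow-recursion { any; };
    // Only trusted clients may trigger recursive lookups, so outside
    // hosts cannot make the server fetch (and cache) arbitrary names.
    allow-recursion   { "trusted"; };

    // Only trusted clients may read answers already in the cache
    // (BIND 9.4 and later).
    allow-query-cache { "trusted"; };
};

// The zone this server is secondary for stays publicly answerable.
zone "example.com" {
    type slave;
    masters { 198.51.100.53; };          // assumed primary server address
    file "slaves/example.com.db";
    allow-query { any; };
};
```

After reloading, a query from outside for a name the server is not authoritative for (for example `dig @<server> www.google.com`) should return status REFUSED, while queries for the zone itself are still answered.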



