disabling lame server logging

Vernon Schryver vjs at rhyolite.com
Tue Feb 26 17:48:02 UTC 2013


> From: Daniel McDonald <dan.mcdonald at austinenergy.com>

> That's not to say that there is currently any cache-poisoning vulnerability
> that someone might exploit, or that any current malware makes use of this
> two-phase approach to exploit desktops.  But why take the risk when setting
> up bind as a recursive server pointing at roots is so trivial?

It's not clear to me that the risk of evil mail causing poisonous lookups
is enough larger than other vectors for poisonous lookups to balance
the costs and risks of additional DNS servers at a small site:

  - Partitioning your DNS cache among separate servers reduces its
   overall hit rate and so costs more RAM, CPU cycles, and bandwidth.
   (given the mention of zen.spamhaus.org, consider the records for .org)

  - Maintaining another server costs additional system administration
   labor and system administration errors.

  - Having DNS broken only for mail by hypothetical evil lookups
   is likely to go unnoticed for longer than when all DNS is broken,
   especially at small sites.

  - Every additional anything increases your attack surface, especially
   when it talks to the whole Internet.

There are many situations where those costs are worthwhile, but they
are less common at small sites.  When two DNS servers are justified
at a small site, I bet the best common tactic is to put all servers
in all /etc/resolv.conf files or the Windows equivalent, but with
differing orders.  For example, the mail system might prefer its own
DNS server but fall back to another server.


Vernon Schryver    vjs at rhyolite.com
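
The "same servers, different order" tactic from the message above, as an
added example that is not part of the original post or of BIND: a small
POSIX shell helper that prints the /etc/resolv.conf body for a given host
role, so the mail host lists its own resolver first and every other host
lists the site resolver first. The two resolver addresses and the glibc
timeout/attempts values are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the original message. Resolver addresses are
# assumed placeholders from the documentation range 192.0.2.0/24.
MAIL_DNS=192.0.2.53    # assumed: resolver running on the mail host
SITE_DNS=192.0.2.10    # assumed: the site's general-purpose resolver

# resolv_conf ROLE
#   Print a resolv.conf body for ROLE ("mail" or anything else).
#   Both hosts get both servers; only the order differs.
resolv_conf() {
  case "$1" in
    mail) first=$MAIL_DNS; second=$SITE_DNS ;;
    *)    first=$SITE_DNS; second=$MAIL_DNS ;;
  esac
  printf 'nameserver %s\nnameserver %s\n' "$first" "$second"
  # glibc resolver options (assumed values): wait 2s per server and make
  # one pass down the list, so fallback to the second server is quick.
  # Deliberately no "options rotate": rotate round-robins the list and
  # would defeat the preference this layout is meant to express.
  printf 'options timeout:2 attempts:1\n'
}

# first_nameserver ROLE
#   Report which server ROLE will query first (useful as a sanity check
#   before copying the generated file into place).
first_nameserver() {
  resolv_conf "$1" | awk '$1 == "nameserver" { print $2; exit }'
}

# Usage: generate the file for this host, e.g. on the mail host
#   resolv_conf mail > /etc/resolv.conf
# and on any other host
#   resolv_conf other > /etc/resolv.conf
```

The point of the helper is only that the set of nameserver lines is
identical everywhere; a host whose preferred resolver is down still
resolves through the other one after the per-server timeout, which is
the fallback behaviour the message describes.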


