At 5:29 PM +0700 2002/10/12, Robert Elz wrote:

 How do you propose that it figure out what is a "local" network and what
 isn't?   The only way would be explicit config, and other than
 configuring 0/0 as "local" what you create is a maintenance nightmare.
Scan the interfaces (and their netmasks). BIND does that already. Of course, you can always add or override network definitions.

 And in any case, answering queries for random clients from all over the
 place isn't a real security/reliability problem for anyone other than the
 random clients.  They're the ones choosing to query some random remote
 server, so they can be expected to either understand what they're doing,
 or simply not care.
By turning off recursive/caching for non-local clients, you do reduce abuse of services (and potential DoS issues), but more importantly you teach them that they need to be running their own nameservers, and hopefully those machines will be more resistant to cache pollution/poisoning.

 I also half suspect that it is a bit late for this.   People have already
 now learned how DNS servers should be run,
I disagree. Many people seem to think they know how they should be run, but they are wrong. We should make the software more idiot-resistant.

 and for the majority, that's
 a server that answers queries for local and remote users alike - doing
 recursive lookups when appropriate.
That capability should exist, yes. But it should not be the default configuration. At the very least, if you were to turn on authoritative service and recursive/caching service on the same machine, the latter should be restricted to local clients.

 Make it impossible to work that
 way, and much of the population will simply not use the new implementation.
I'm not suggesting that we make it impossible. Just that we make it optional and flip the switch the other way by default.

 Make it optional (as you suggested) and much of the population will
 simply turn the switch back to the current mode.
Maybe. My experience is that the vast majority of people just take the default (whatever that is). If we can make the default more secure, then most people will benefit.

--
Brad Knowles, <[EMAIL PROTECTED]>

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-Benjamin Franklin, Historical Review of Pennsylvania.

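A named.conf fragment showing the default the thread argues for (authoritative service for everyone, recursive service only for local clients), written as an added example that is not from the thread or from BIND's own documentation. The 10.0.0.0/8 range and the example.com zone are placeholders; localnets is BIND's built-in ACL that matches the networks of the server's own interfaces.

```conf
// Added example, not from the thread. "localnets" is BIND's built-in ACL
// derived from the configured interfaces and their netmasks, i.e. the
// "scan the interfaces" approach; extra networks can be added by hand.

// The mode the thread describes as today's common default: recursion on
// with no allow-recursion restriction, so anyone on the Internet can use
// this server as a caching resolver.
//   options { recursion yes; };

// The proposed default: keep recursion, but only for local clients.
acl "local-clients" {
    localhost;      // the server itself
    localnets;      // networks of configured interfaces, per their netmasks
    10.0.0.0/8;     // explicit addition / override (placeholder range)
};

options {
    directory "/var/named";
    recursion yes;                         // recursive service still exists...
    allow-recursion { local-clients; };    // ...but only for local clients
    allow-query { any; };                  // authoritative data for everyone
};

// Authoritative data, answered to any client regardless of the
// recursion policy above.
zone "example.com" {
    type master;
    file "example.com.zone";
};
```

Non-local clients asking for names outside the served zones then get a REFUSED answer instead of a recursive lookup; on BIND 9.4 and later, allow-query-cache additionally keeps them from reading answers already in the cache.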