On Wed, Mar 03, 2004 at 14:54:38 +1100, omifix omnifix <[EMAIL PROTECTED]> wrote: > can anybody explain me what the problem is when my > external DNS server supports recursive DNS queries?
This allows simpler software and configuration so that there is less likely to be a security problem. > People are telling me that a DNS server is prone to > cache poisoning when recursive DNS queries are > supported. You shouldn't be using a cache that doesn't discard out of zone glue or one that makes recursive requests to untrusted dns servers. This is going to be a problem whether or not you combine a cache with a publishing server. It may make things worse in that besides possibly hosing internal lookups, you might also screw up the information about your domains given to other people. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
