> > You're using a resolving name server somewhere. That resolving name
> > server almost certainly has a cache.

I only use my ISP's resolvers which do have caches, but that's AT&T's problem, not mine.

> > > I don't provide recursive DNS to the public.
> >
> > Does it provide recursive DNS service to anyone? To you? If so, your
> > recursion restriction does not protect you.

No. I only serve authoritative DNS, but with a split horizon for the stuff on private IPs too. It has a DNS proxy that passes recursion to my ISP, and only when I enable that for maintenance purposes. Otherwise, SERVFAIL is all ya get. Likewise, my other subnets are managed in a similar manner. I have ALWAYS distrusted caching resolvers and am loath to run one myself.

> > > Source ports are randomized by design in my software.
> >
> > If you use BIND as a resolving name server, the versions available
> > before last Tuesday did not change their randomized ports between
> > queries.

I wouldn't use BIND on a bet. I use PowerDNS and I do not build the recursor/resolver part either.

> > > Everything is behind firewalls on NAT. And I use HLFS.
> >
> > None of that will help you in the slightest if you run a resolving
> > name server based on BIND.

But I don't run BIND, do I? None of these things you say seem to relate to my situation. Must be a coincidence...

Marty B.

-- 
Electile Dysfunction : the inability to become aroused over any of the choices for President put forth by either party in the 2008 election.
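The exchange above turns on whether a caching resolver varies its UDP source port between upstream queries, since a fixed port leaves only the 16-bit transaction ID for a forged reply to match. The script below is an added example, not code from this thread or from PowerDNS or BIND; it reads a constructed per-query log (the `src_port=… txid=…` line format and the `example.test.` queries are assumptions for this example, standing in for what you would pull from a capture of your own resolver's outbound queries) and reports how many distinct ports and how many observed bits of entropy the resolver actually exposes, so you can tell a fixed-port resolver from a randomizing one without trusting what the software claims.

```python
"""Source-port randomization check for a caching resolver's outbound queries.

Added example, not from the original message, PowerDNS or BIND. It parses one
line per upstream query in a constructed log format and measures how much of
the 16-bit transaction ID plus 16-bit source port an off-path forger would
have to guess. Sample logs are built by make_sample() and are constructed.
"""
import math
import re
from collections import Counter

# Constructed log format, assumed for this example only. A real capture of
# the resolver's own queries (tcpdump, dnstap) would be reduced to this shape.
_LINE = re.compile(r"src_port=(\d+)\s+txid=0x([0-9a-fA-F]{1,4})")


def parse_queries(text):
    """Return a list of (src_port, txid) tuples from the constructed log."""
    out = []
    for line in text.splitlines():
        m = _LINE.search(line)
        if m:
            out.append((int(m.group(1)), int(m.group(2), 16)))
    return out


def shannon_bits(values):
    """Empirical Shannon entropy, in bits, of the observed values."""
    n = len(values)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(values).values())


def assess(queries):
    """Summarise how unpredictable (port, txid) is across the sampled queries."""
    ports = [p for p, _ in queries]
    txids = [t for _, t in queries]
    n = len(queries)
    distinct_ports = len(set(ports))
    # With n samples the entropy estimate can never exceed log2(n), so the
    # verdict is based on distinct ports relative to the sample size rather
    # than on an absolute bit count.
    if n == 0:
        verdict = "NO_DATA"
    elif distinct_ports == 1:
        verdict = "FIXED_PORT"        # only the TXID stands between you and a forged reply
    elif distinct_ports < n // 2:
        verdict = "LOW_PORT_ENTROPY"  # ports repeat far more than chance predicts
    else:
        verdict = "RANDOMIZED"
    return {
        "queries": n,
        "distinct_ports": distinct_ports,
        "port_bits": shannon_bits(ports),
        "txid_bits": shannon_bits(txids),
        "pair_bits": shannon_bits(queries),
        "verdict": verdict,
    }


def make_sample(fixed_port):
    """Build a constructed 64-query log, either from a resolver that reuses
    one source port or from one that picks a fresh port for every query."""
    lines = []
    for i in range(64):
        # Deterministic, collision-free stand-ins for random values so the
        # example is reproducible offline.
        port = 32768 if fixed_port else 1024 + (i * 7919) % 64512
        txid = (i * 40503) % 65536
        lines.append(f"query {i:02d} example.test. A src_port={port} txid=0x{txid:04x}")
    return "\n".join(lines)


FIXED_PORT_LOG = make_sample(fixed_port=True)    # constructed: port never changes
RANDOM_PORT_LOG = make_sample(fixed_port=False)  # constructed: fresh port per query

if __name__ == "__main__":
    for name, log in (("fixed-port resolver", FIXED_PORT_LOG),
                      ("randomizing resolver", RANDOM_PORT_LOG)):
        r = assess(parse_queries(log))
        print(f"{name}: {r['verdict']} ({r['distinct_ports']} distinct ports, "
              f"{r['pair_bits']:.1f} observed bits over {r['queries']} queries)")
```

On the constructed data the fixed-port log reports `FIXED_PORT` with 0 bits of port entropy and the randomizing log reports `RANDOMIZED` with 64 distinct ports; on a real capture, feed it a few hundred queries rather than 64 so that `LOW_PORT_ENTROPY` has room to show up.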
-- 
http://linuxfromscratch.org/mailman/listinfo/hlfs-dev
FAQ: http://www.linuxfromscratch.org/faq/
Unsubscribe: See the above information page