> We were running a DNS resolver at 66.90.70.50. This DNS server was > not authoritative for any domains... had none setup... just a > resolver.
"Recursor". "Resolver" = the client originating the DNS, e.g. GetHostByName(), lookup. > We deleted MS DNS from 66.90.70.50 so that machine does not answer > any DNS queries. I suppose all the requests are still hitting the > box, but it doesn't seem to cause any problems. This whole issue is quite silly. [a] the edge router/firewall should have blocked these queries. What business it has letting through DNS traffic is beyond me, if this service should not be exposed. Is there no firewall or something? [b] MS DNS is quite reliable and resilient for recursion. (Yes, it definitely has access control issues that make public exposure touchy under many circumstances. I, too, use SimpleDNS for its more granular access control.) If all you needed was a recursor on 127.0.0.1, just have MS DNS listen only on loopback! Jeez, a whole separate product... I just don't understand how it came to this. --Sandy ------------------------------------ Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
