> It was my understanding that if I allow recursion, then I might as well
> allow malicious attackers to check my location for domains, etc. Is this
> a correct assessment?
No.

Recursion means that your DNS server will answer any DNS query (both for domains that it is authoritative for, as well as other domains). You *must* have a recursive DNS server in order to access domains on the Internet -- for example, to go to www.amazon.com, you would need to use a recursive DNS server.

One option is to use your Internet provider's DNS servers for recursive lookups. Another is to set up recursive DNS server(s), which are set up to only accept queries from your local network.

There are two main problems with recursive DNS: [1] Unauthorized people can use your DNS server, if you don't set it up to only accept queries from your local network, and [2] If you are running a vulnerable DNS server, your cache can get poisoned by a hacker (but only if your DNS server is vulnerable, and the hacker can access your DNS server).

> The way I understand recursion, it is for outsiders to check entries,
No -- that's standard/authoritative DNS, and something that is required for people to query your domain (to get to your web site or send you E-mail).

> I do not remember why we implemented the non recursive rule, maybe it
> was simply a spamming issue that made us implement the non recursive.
You *do* have recursive DNS.

It's a good idea for your authoritative DNS servers not to allow recursion, for safety purposes (since it ensures that your cache can't be poisoned, because you don't have a cache).

However, IMail was getting IP addresses to send mail to hotmail.com. That means that either you are authoritative for hotmail.com (in which case, say "Hi" to Bill for me), or IMail is using a DNS server that allows recursion.

Spam doesn't affect whether or not to allow recursion (that could be relaying on the mailserver that you are thinking of).

> I changed the DNS to allow recursion. I will run some tests.
Hmmm...

It did allow recursion. You'll need to check to see what is going on here -- it may be that IMail is using a different DNS server than you expect, or that the DNS server did allow recursion when you thought it didn't.

-Scott
---
Declude: Anti-virus, Anti-spam and Anti-hijacking solutions for IMail. http://www.declude.com
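
Added example, not part of the original message: one way to check from the reply header whether a DNS server offers recursion for a name it does not host, which is the question the thread is trying to settle. All function names are hypothetical and the sample replies are constructed, not captured traffic.

```python
import socket
import struct

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080  # DNS header flag bits
REFUSED = 5                                      # RCODE 5

def build_query(name, qid=0x1234):
    """Build an A-record query with the Recursion Desired (RD) bit set."""
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_response(data, qid=0x1234):
    """Classify the reply to an RD=1 query for a name the server does not host."""
    if len(data) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != qid or not (flags & QR):
        raise ValueError("not a response to our query")
    if flags & AA:
        return "authoritative-for-name"  # test is void: pick a name it does not host
    if (flags & 0x000F) == REFUSED:
        return "refused"                 # an ACL turned the query away
    if (flags & RA) or ancount > 0:
        return "recursion-offered"       # RA advertised, or an answer was handed out
    return "no-recursion"                # e.g. a bare referral with RA clear

def probe(server, name, timeout=3.0):
    """Send the query over UDP; run this from a host OUTSIDE the local network."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return classify_response(s.recv(512))

def fake_reply(flags, ancount=0, nscount=0, qid=0x1234):
    """Constructed header-only reply, used to exercise the classifier offline."""
    return struct.pack("!HHHHHH", qid, flags, 1, ancount, nscount, 0)

SAMPLES = {  # constructed replies, not captured traffic
    "open resolver":      fake_reply(QR | RD | RA, ancount=1),
    "recursion disabled": fake_reply(QR | RD, nscount=13),
    "ACL refuses":        fake_reply(QR | RD | REFUSED),
    "hosts the name":     fake_reply(QR | AA | RD, ancount=1),
}

if __name__ == "__main__":
    for label, reply in SAMPLES.items():
        print(f"{label:20} -> {classify_response(reply)}")
```

A "recursion-offered" result from outside the local network means the server is answering for unauthorized clients; the same result from inside is what a resolver for the mail server should give.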
