>I hadn't thought of a scenario where internet-facing name servers needed >recursion.
sure. I bet it's very common. A DNS is set up, no domains, just so the org's PC's can access internet. recursion is turned on to suppor the internal PC's, but because the DNS is accessible from interent, recursive queries from internet are also honored. This is worse/more probable if the DNS is delegated with one or more domains, so the DNS is visible in delegation records. > We use split DNS with private IP addresses on my LAN. If >you're using the same DNS servers to service both internal and internet >clients, well... I see the issue. BIND probably would probably be the >best option, although not a zero-cost one for most Windows networkers >(non-trivial training and initial configuration hours). Learning DNs is still required to set up a W2K machine, so that's no different from BIND, unless you consider some monkeys clicking on the MMC W2K GUI until something happens is sufficient DNS "training". :)) Len ------ You are subscribed as [email protected] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED]
