On 8/18/05 3:08 PM, Matt wrote:
Agreed on the splitting idea. Keep one DNS firewalled from the outside world
and for use just by your clients and their address space, and then another one
that only resolves what you host and is open to everyone.
I guess I was on the right path. I did change
Morning Dave,
That would deny his internal
users the ability to resolve external domains.
Well, you *may* have me on this one :) I do not know what DNS server is
being used.
I use SimpleDNS so I can allow recursion by ip address/subnet. Bind
as well does this:
[ recurseallow ]
Nick,
It's not a technical issue regarding recursion, it's an issue of
needing recursion for customers, and wanting to block recursion when
coming from the outside world where the attacks are coming from. Kevin
indicated that BIND can handle doing that on the same server, but AFAIK
MS DNS
(nor have I heard that SimpleDNS does this either but could be
wrong).
Simple DNS does allow granular control of recursion by IP.
Nick was saying that if the OP were running Simple or Bind, then his
(Nick's) suggestion to limit recursion would not mean that the OP
would be turning
MS-DNS does not allow this afaik
-d
- Original Message -
From: Nick Hayer
To: Declude.JunkMail@declude.com
Sent: Friday, August 19, 2005 10:20 AM
Subject: Re: [Declude.JunkMail] OT: DNS attacks
Morning Dave,
That would deny his internal users