Greetings,

It looks like people have come up with ways to use recursive DNS servers to cause a distributed denial of service on other name servers[1]. There's nothing new here; recursive DNS servers have been the norm for many, many years, but then again, so were open SMTP relays[2].

So, as a result, it seems that prudence would suggest that people secure their DNS servers. However, just turning off recursive DNS is generally not an option because DNS doesn't work without it. Instead, you need to restrict recursive DNS to just your own network. Looks like good instructions for doing that with BIND can be found here[3]. Might as well secure now so as to not contribute to problems later. :-(

Cheers,
Tanner

[1] http://news.yahoo.com/s/ap/20060316/ap_on_hi_te/internet_attack
[2] http://www.webmasterworld.com/forum23/4488.htm
[3] http://www.cymru.com/Documents/secure-bind-template.html

--
Tanner Lovelace
clubjuggler at gmail dot com
http://wtl.wayfarer.org/
(fieldless) In fess two roundels in pale, a billet fesswise and an increscent, all sable.

--
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
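
A minimal sketch of the restriction described in the message above, added here as an example; it is not part of the original post and is not taken from the linked template. The ACL name, the 192.0.2.0/24 range, and the example.com zone are placeholders to replace with your own values.

```conf
// named.conf fragment for BIND 9 (added example; all addresses are placeholders)

// Clients that are allowed to use this server as a recursive resolver.
acl "trusted" {
    127.0.0.1;
    ::1;
    192.0.2.0/24;        // placeholder: your own network(s) go here
};

options {
    // Weak form this replaces:
    //     allow-recursion { any; };
    // which performs recursive lookups for any source address on the Internet.

    recursion yes;                      // recursion stays on for your own clients
    allow-recursion   { trusted; };     // only the ACL above may request it
    allow-query-cache { trusted; };     // BIND 9.4+: outsiders cannot read cached answers
};

// Zones this server is authoritative for remain answerable by everyone;
// answering them does not require recursion.
zone "example.com" {                    // placeholder zone
    type master;
    file "example.com.zone";
    allow-query { any; };
};
```

Run `named-checkconf` on the edited file before reloading the server to catch syntax errors.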
