Excellent advice! Thanks Tanner. On Thu, 2006-03-16 at 15:55, Tanner Lovelace wrote: > Greetings, > > It looks like people have come up with ways to use recursive DNS > servers to cause a distributed denial of service on other name servers[1]. > There's nothing new here, recursive DNS servers have been the norm > for many, many years, but then again, so were open SMTP relays[2]. > So, as a result, it seems that prudence would suggest that people > secure their DNS servers. However, just turning off recursive DNS > is generally not an option because DNS doesn't work without it. > Instead, you need to restrict recursive DNS to just your own network. > Looks like good instructions for doing that with bind can be found > here[3]. Might as well secure now so as to not contribute to problems > later. :-( > > Cheers, > Tanner > > [1] http://news.yahoo.com/s/ap/20060316/ap_on_hi_te/internet_attack > [2] http://www.webmasterworld.com/forum23/4488.htm > [3] http://www.cymru.com/Documents/secure-bind-template.html > > -- > Tanner Lovelace > clubjuggler at gmail dot com > http://wtl.wayfarer.org/ > (fieldless) In fess two roundels in pale, a billet fesswise and an > increscent, all sable.
-- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
