[dns-operations] DNS deluge for x.p.ctrc.cc

william(at)elan.net william at elan.net
Mon Feb 27 01:01:33 UTC 2006


On Mon, 27 Feb 2006, Gadi Evron wrote:

> william(at)elan.net wrote:
>> And BTW - what is correct way to deal with queries at the dns server side?
>> Lets assume we want appropriate security applied and have dns server only 
>> answer regarding netzones it serves or on behalf of clients on pre-set 
>> (local) network. If query comes in for non-served zone from remote net, 
>> should dns server simply ignore the query and not send any answer?
>
> I believe it was Valdis on NANOG a few mounths back who said it best. The 
> server which answers your users/clients should not be the same one 
> facing the world.

He's probably right and all new places should be configured this way.

But many ISPs (and universities too) historically had common dns server
(for both resolving and serving local domains) and had dns server ip 
statically configured at customer sites (not everyone likes DHCP) and
on routers and unix/other systems. Changing this will take some time.

-- 
William Leibzon
Elan Networks
william at elan.net



More information about the dns-operations mailing list