[dns-operations] Best Practices in DNS security
Sean Leach
sleach at ultradns.com
Fri Mar 17 19:56:16 UTC 2006
On Mar 17, 2006, at 10:35 AM, Geo. wrote:
>
> For example we have our own IP block but we also have a leased nationwide
> dialup service so customers can travel. So when a customer travels and the
> local dns server (which I don't control) for that national node can't
> resolve just one domain I fix that by setting them to use our recursive
> servers since I do control them. (I can't flush the cache on someone else's
> dns server even though it affects my customer)

Maybe it's time for popb4recursive to go with popb4smtp :)

Though I am sure there could be something more clever done with
auto-updating allow-recursive ACLs based on some sort of auth logs for
these roadwarrior types if you wanted to get nutty (and if that info
was available). Or just allow the national dialup service's netblocks
into your allow-recursive ACL. At that point you are no longer an
open recursive server, yes?
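
Added example (not part of the original post and not code from any project it mentions): one way the auth-log-driven ACL idea above could be built, so that recursion is offered only to your own netblocks plus addresses with a recent login. The log line format, the ACL name "roadwarriors" and all addresses are constructed for the example; BIND spells the option `allow-recursion`.

```python
import ipaddress
import re
from datetime import datetime, timedelta, timezone

# Constructed sample auth log; the line format is an assumption for this example.
SAMPLE_LOG = """\
2006-03-17T18:05:00Z LOGIN user=alice ip=198.51.100.23
2006-03-17T19:10:00Z LOGIN user=bob ip=203.0.113.7
2006-03-17T19:30:00Z LOGOUT user=bob ip=203.0.113.7
2006-03-17T19:40:00Z LOGIN user=carol ip=203.0.113.99
2006-03-17T19:45:00Z LOGIN user=mallory ip=any; };
"""
LINE_RE = re.compile(r"^(\S+) (LOGIN|LOGOUT) user=(\S+) ip=(.*)$")

def active_clients(log_text, now, ttl):
    """Addresses whose latest event is a LOGIN no older than ttl."""
    last_login = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        stamp, event, _user, raw_ip = m.groups()
        try:
            # Log fields are untrusted: only a parsed address may reach named.conf.
            ip = ipaddress.ip_address(raw_ip.strip())
            when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        except ValueError:
            continue
        if event == "LOGIN":
            last_login[ip] = when
        else:
            last_login.pop(ip, None)  # session ended: drop recursion access
    live = [ip for ip, t in last_login.items() if timedelta(0) <= now - t <= ttl]
    return sorted(live, key=lambda a: (a.version, int(a)))

def render_acl(name, static_nets, clients):
    """Render a BIND acl block: fixed netblocks first, then live client addresses."""
    nets = [ipaddress.ip_network(n) for n in static_nets]
    extra = [ip for ip in clients if not any(ip in n for n in nets)]
    body = "".join(f"    {e!s};\n" for e in nets + extra)
    return f'acl "{name}" {{\n{body}}};\n'

if __name__ == "__main__":
    now = datetime(2006, 3, 17, 19, 56, 16, tzinfo=timezone.utc)
    clients = active_clients(SAMPLE_LOG, now, ttl=timedelta(hours=1))
    # Reference from options as: allow-recursion { "roadwarriors"; };
    print(render_acl("roadwarriors", ["192.0.2.0/24"], clients), end="")
```

The output would be written to a file that named.conf includes, followed by `rndc reconfig`; the last sample line shows why the address is parsed rather than copied, since a crafted log field would otherwise be pasted into the ACL.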