[dns-operations] Best Practices in DNS security

Sean Leach sleach at ultradns.com
Fri Mar 17 19:56:16 UTC 2006

On Mar 17, 2006, at 10:35 AM, Geo. wrote:
> For example we have our own IP block but we also have a leased  
> nationwide
> dialup service so customers can travel. So when a customer travels  
> and the
> local dns server (which I don't control) for that national node can't
> resolve just one domain I fix that by setting them to use our  
> recursive
> servers since I do control them. (I can't flush the cache on some  
> elses dns
> server even though it affects my customer)

Maybe it's time for popb4recursive to go with popb4smtp


Though I am sure there could something more clever done with auto- 
updating allow-recursive ACL's based on some sort of auth logs for  
these roadwarrior types if you wanted to get nutty (and if that info  
was available).  Or just allow the national dialup services netblocks  
into your allow-recursive ACL.  At that point you are no longer an  
open recursive server, yes?

More information about the dns-operations mailing list