[dns-operations] blocking recursers

Peter Koch pk at DENIC.DE
Mon Mar 27 12:25:34 UTC 2006

On Sun, Mar 26, 2006 at 02:37:38AM +0000, Paul Vixie wrote:

> ask an RD=1 question about a nonexistent name in the root zone.  if you
> get back NXDOMAIN it answered you recursively.  if you get back a referral

... or is running their own copy of the root zone, which some people do
e.g. to be good netizens. Better use a name in a zone you control (and are
confident nobody runs a stealth slave for).

> to the root, or REFUSED or something else, it answered you authoritatively.

Many people seem to forget about the "O" in "ORN". Those allowing access
to their cache might be abused even when they do not provide for recursion
to anyone.


More information about the dns-operations mailing list