[dns-operations] blocking recursers
paul at vix.com
Mon Mar 27 15:02:34 UTC 2006
# > ask an RD=1 question about a nonexistent name in the root zone. if you
# > get back NXDOMAIN it answered you recursively. if you get back a referral
# ... or is running their own copy of the root zone, which some people do
# e.g. to be good netizens. Better use a name in a zone you control (and are
# confident nobody runs a stealth slave for).
sure. that's what dan kaminsky describes in his recent dns show&tell's.
this technique also lets one learn if a nameserver's initiation address
is different from its listener address, which is sometimes useful to know.
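
An added example, not part of the original post: a Python sketch of the check discussed in this thread, for auditing your own nameservers. It builds the RD=1 probe and classifies a reply from its header flags, using the AA bit to separate a recursive NXDOMAIN from one served out of a local copy of the zone. The function names, the probe name under `example.` and the sample replies are constructed for illustration; nothing here does network I/O.

```python
import struct

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080
NOERROR, NXDOMAIN, REFUSED = 0, 3, 5
PROBE = "nonexistent-probe.example."   # placeholder: use a name in a zone you control

def build_query(name, qid=0x1234, qtype=1):
    """Wire-format query with RD=1 for `name` (QTYPE A, QCLASS IN)."""
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    header = struct.pack("!6H", qid, RD, 1, 0, 0, 0)
    return header + qname + struct.pack("!2H", qtype, 1)

def classify(response, qid=0x1234):
    """Classify a reply to the RD=1 probe from its 12-byte header alone."""
    if len(response) < 12:
        return "malformed"
    rid, flags, _qd, an, ns, _ar = struct.unpack("!6H", response[:12])
    if rid != qid or not flags & QR:
        return "malformed"
    rcode = flags & 0x000F
    if rcode == NXDOMAIN:
        # AA=1 means the server holds the zone itself (e.g. its own root copy),
        # so the NXDOMAIN says nothing about whether it recurses for others.
        return "authoritative-copy" if flags & AA else "recursed"
    if rcode == REFUSED:
        return "recursion-refused"
    if rcode == NOERROR and an == 0 and ns > 0 and not flags & AA:
        return "referral"
    return "inconclusive"

def sample_reply(flags, an=0, ns=0):
    """Constructed reply: header plus echoed question; counts are header-only."""
    return struct.pack("!6H", 0x1234, flags, 1, an, ns, 0) + build_query(PROBE)[12:]

# Constructed sample replies, one per outcome the thread distinguishes.
SAMPLES = {
    "open recursor":   sample_reply(QR | RD | RA | NXDOMAIN, ns=1),
    "local root copy": sample_reply(QR | AA | RD | RA | NXDOMAIN, ns=1),
    "referral only":   sample_reply(QR | RD, ns=13),
    "refuses":         sample_reply(QR | RD | REFUSED),
}

if __name__ == "__main__":
    for label, reply in SAMPLES.items():
        print(f"{label:16} -> {classify(reply)}")
```

Using a probe name in a zone you control also lets the query log on that zone's authoritative server show the address the tested server queries from, which is the initiation-versus-listener comparison mentioned above.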