[dns-operations] anybody here from GDNS?

Simon Waters simonw at zynet.net
Tue Jul 15 17:27:00 UTC 2008

On Tuesday 15 July 2008 17:55:06 Randy Bush wrote:
> Paul Vixie wrote:
> > you just can't run with recursion enabled on an authority server
> well, you can.  but perhaps you should not.
> actually, i run two servers which are authoritative for O(10^4) zones
> and have recursion turned on.  the recursion is restricted to the
> localhost.

Does this help?

I assume any spoofing attack explanations at blackhat will start with "ways to 
make a remote host ask the queries you want to spoof answers to", since you 
can't (yet - maybe I'll learn differently in August) successfully spoof a 
recursive server that isn't recursing.

More information about the dns-operations mailing list