[dns-operations] anybody here from GDNS?
Simon Waters
simonw at zynet.net
Tue Jul 15 17:27:00 UTC 2008
On Tuesday 15 July 2008 17:55:06 Randy Bush wrote:
> Paul Vixie wrote:
> > you just can't run with recursion enabled on an authority server
>
> well, you can. but perhaps you should not.
>
> actually, i run two servers which are authoritative for O(10^4) zones
> and have recursion turned on. the recursion is restricted to the
> localhost.
Does this help?
I assume any spoofing attack explanations at blackhat will start with "ways to
make a remote host ask the queries you want to spoof answers to", since you
can't (yet - maybe I'll learn differently in August) successfully spoof a
recursive server that isn't recursing.
More information about the dns-operations
mailing list