Home page logo

nanog logo nanog mailing list archives

Re: how to protect name servers against cache corruption
From: Paul A Vixie <vixie () vix com>
Date: Tue, 22 Jul 1997 19:17:07 -0700

Since I believe that the security aspects of DNS are relevant to network
operations, I'm explicitly choosing to answer some messages here today
even though Paul Ferguson has issued a very reasonable request that DNS
*politics* not be discussed.

Correct me if I'm wrong, but this implies that nameservers whose sole
purpose is to act as primary and secondary for customer domains can run
with recursion disabled. I.e. all those nameservers whose identity is
readily discernable from public databases such as the Internic, RIPE, etc.,
could run in this configuration as long as they are not also intended to do
lookups for local machines on your local network.

Yes, that's what it is and that's why it works.  I couldn't've said it better.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]