|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: how to protect name servers against cache corruption
Since I believe that the security aspects of DNS are relevant to network operations, I'm explicitly choosing to answer some messages here today even though Paul Ferguson has issued a very reasonable request that DNS *politics* not be discussed. > Correct me if I'm wrong, but this implies that nameservers whose sole > purpose is to act as primary and secondary for customer domains can run > with recursion disabled. I.e. all those nameservers whose identity is > readily discernable from public databases such as the Internic, RIPE, etc., > could run in this configuration as long as they are not also intended to do > lookups for local machines on your local network. Yes, that's what it is and that's why it works. I couldn't've said it better.
|