cache server allow-recursion no problem?
Nate Campi
nate at campin.net
Tue Mar 12 21:25:42 UTC 2002
On Tue, Mar 12, 2002 at 03:50:59PM -0500, Kevin Darcy wrote:
>
> David Xiao wrote:
>
> > someone told me to turn off recursion query on my primary and
> > secondary nameserver. They said that may cause DNS Spoofing Attack.
> >
> > but they told me to allow-recursion on my cache server. So my dial-up
> > clients can query other domains.
> > Doesn't cache server cause DNS Spoofing Attack?
> > What is DNS Spoofing Attack?
<snip good stuff from Kevin>
In your server's options statement put:
use-id-pool yes;
To enable random message IDs in queries, introduced in BIND 8.2. This
will help protect your servers that need recursion from spoofing
attacks. This is a standard part of BIND 9, so no worries if you run
that.
--
Nate
"This is supposed to be a happy occasion. Let's not bicker and argue
about who killed who."
-From Monty Python's Holy Grail
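
An added example, not part of the original message and not BIND's own tooling: a small Python check that reads a BIND 8.2-style named.conf and reports when a recursing server lacks use-id-pool yes or leaves recursion unrestricted. The sample configurations, the ACL name dialup and the 192.0.2.0/24 range are constructed for illustration.

```python
import re

# Constructed sample named.conf fragments (BIND 8.2-style); addresses are documentation ranges.
WEAK_CACHE = """
options {
    directory "/var/named";   // no use-id-pool, no allow-recursion
};
"""
HARDENED_CACHE = """
acl dialup { 192.0.2.0/24; };
options {
    directory "/var/named";
    use-id-pool yes;                       # random query IDs (BIND 8.2+)
    allow-recursion { dialup; localhost; };
};
"""
AUTHORITATIVE = """
options {
    recursion no;   /* primary/secondary: answer only for own zones */
};
"""

def options_block(conf):
    """Return the body of the options { ... } statement with comments stripped."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)      # C-style comments
    conf = re.sub(r"(//|#)[^\n]*", "", conf)               # C++ and shell comments
    m = re.search(r"\boptions\s*\{", conf)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(conf) and depth:                         # walk to the matching brace
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        i += 1
    return conf[m.end():i - 1]

def audit(conf):
    """List findings for the options statement of a server that recurses."""
    opts = options_block(conf)
    if re.search(r"\brecursion\s+no\s*;", opts):
        return []                                          # recursion is off, nothing to check
    findings = []
    if not re.search(r"\buse-id-pool\s+yes\s*;", opts):
        findings.append("use-id-pool not enabled")
    acl = re.search(r"\ballow-recursion\s*\{([^}]*)\}", opts)
    if not acl or re.search(r"\bany\b", acl.group(1)):
        findings.append("recursion not restricted to known clients")
    return findings
```

The use-id-pool finding applies to BIND 8 configurations only, since the message notes that random IDs are standard in BIND 9.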