cache server allow-recursion no problem?

Nate Campi nate at campin.net
Tue Mar 12 21:25:42 UTC 2002


On Tue, Mar 12, 2002 at 03:50:59PM -0500, Kevin Darcy wrote:
> 
> David Xiao wrote:
> 
> > Someone told me to turn off recursion query on my primary and
> > secondary nameserver. They said that may cause DNS Spoofing Attack.
> >
> > But they told me to allow-recursion on my cache server. So my dial-up
> > clients can query other domains.
> > Doesn't cache server cause DNS Spoofing Attack?
> > What is DNS Spoofing Attack?

<snip good stuff from Kevin>

In your server's options statement put:

	use-id-pool yes;

to enable random message IDs in queries, introduced in BIND 8.2. This
will help protect your servers that need recursion from spoofing
attacks. This is a standard part of BIND 9, so no worries if you run
that.
-- 
Nate

"This is supposed to be a happy occasion. Let's not bicker and argue
about who killed who."
   -From Monty Python's Holy Grail
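The split discussed in this thread (no recursion on the primary and secondary, recursion limited to your own clients on the cache server, `use-id-pool yes;` on BIND 8.2 and later) can be checked mechanically. The following is an added example, not part of the original message: the sample configurations, the `dialup` ACL name, the 192.0.2.0/24 range and the `audit` helper are all constructed for illustration, and the check assumes BIND 8 defaults, where recursion is on for every client unless restricted.

```python
import re

# Constructed named.conf samples (not from the thread); 192.0.2.0/24 is a
# documentation range standing in for the dial-up client network.
AUTHORITATIVE = 'options { directory "/var/named"; recursion no; };'
CACHE_OPEN = '''
options {
    directory "/var/named";   // recursion left at its default
};
'''
CACHE_HARDENED = '''
acl dialup { 192.0.2.0/24; };
options {
    directory "/var/named";
    allow-recursion { dialup; };   # only our own clients may recurse
    use-id-pool yes;               # random query IDs (BIND 8.2+)
};
'''

def options_body(conf):
    """Return the comment-stripped text inside the options { ... } statement."""
    conf = re.sub(r'/\*.*?\*/', '', conf, flags=re.S)
    conf = re.sub(r'(//|#)[^\n]*', '', conf)   # simplification: ignores quoting
    m = re.search(r'\boptions\s*\{', conf)
    if not m:
        return ''
    depth, i = 1, m.end()
    while i < len(conf) and depth:             # walk to the matching brace
        depth += {'{': 1, '}': -1}.get(conf[i], 0)
        i += 1
    return conf[m.end():i - 1]

def audit(conf, bind8=True):
    """List findings for a server, assuming BIND 8 defaults (recursion on)."""
    body = options_body(conf)
    if re.search(r'\brecursion\s+no\s*;', body):
        return []                              # authoritative-only server
    findings = []
    acl = re.search(r'\ballow-recursion\s*\{([^}]*)\}', body)
    if acl is None or re.search(r'\bany\b', acl.group(1)):
        findings.append('recursion open to any client')
    if bind8 and not re.search(r'\buse-id-pool\s+yes\s*;', body):
        findings.append('use-id-pool not enabled')
    return findings

if __name__ == '__main__':
    for name in ('AUTHORITATIVE', 'CACHE_OPEN', 'CACHE_HARDENED'):
        print(name, audit(globals()[name]) or 'ok')
```

Pass `bind8=False` when auditing a BIND 9 server, where the message above says random query IDs are already standard.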



More information about the bind-users mailing list