Cache poisoning

David Miller millerdc at fusion.gat.com
Fri Jul 14 04:40:17 UTC 2006


If you provide a caching name server (most normal corporate/public
networks do) then it can be poisoned with bad entries. One way to be
a good citizen on the net is to not allow recursion outside your
network. This way if your cache is poisoned you won't be contributing
to the problem outside your own network. It is as simple as setting
up an ACL for the subnets you control. For example:

acl "internal" { 10.1.1.0/24; };

options {
	allow-recursion { internal; };
};


On Jul 13, 2006, at 10:39 AM, Jeff Lightner wrote:

> Is cache poisoning an issue for standard master/slave name servers or
> only for caching name servers?
> Jeffrey C. Lightner
> Unix Systems Administrator
> DS Waters of America, LP
> 678-486-3516
>
>
>
>
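
Added example (not part of the original message, and not BIND's own code): a small Python check that reads the acl and allow-recursion statements shown above and reports whether a given client address would be offered recursion. The function names and the 192.0.2.53 test address are constructed for illustration; only flat address match lists are handled, and the built-in localhost/localnets ACLs are not modelled.

```python
import ipaddress
import re

# Constructed sample: the configuration quoted in the message above.
SAMPLE_CONF = '''
acl "internal" { 10.1.1.0/24; };

options {
	allow-recursion { internal; };
};
'''

def _elements(body):
    """Split the inside of a { ... } address match list into its elements."""
    return [e.strip().strip('"') for e in body.split(";") if e.strip()]

def parse_conf(text):
    """Return (acls, allow_recursion); allow_recursion is None if not set."""
    text = re.sub(r"(//|#).*", "", text)  # drop line comments
    acls = {name: _elements(body) for name, body in
            re.findall(r'acl\s+"?([\w-]+)"?\s*\{([^{}]*)\}', text)}
    m = re.search(r"allow-recursion\s*\{([^{}]*)\}", text)
    return acls, (_elements(m.group(1)) if m else None)

def recursion_allowed(client, acls, elements, depth=0):
    """Walk the list in order; the first element that matches decides."""
    addr = ipaddress.ip_address(client)
    for el in elements:
        negate = el.startswith("!")
        el = el.lstrip("!").strip()
        if el == "any":
            hit = True
        elif el == "none":
            hit = False
        elif el in acls and depth < 8:  # named ACL; depth guards loops
            hit = recursion_allowed(client, acls, acls[el], depth + 1)
        else:
            try:
                hit = addr in ipaddress.ip_network(el, strict=False)
            except ValueError:
                hit = False  # localhost/localnets/keys: not modelled here
        if hit:
            return not negate
    return False  # nothing matched: recursion is refused

if __name__ == "__main__":
    acls, rec = parse_conf(SAMPLE_CONF)
    for ip in ("10.1.1.25", "192.0.2.53"):
        print(ip, "recursion allowed:", recursion_allowed(ip, acls, rec))
```

A None result from parse_conf means the file has no allow-recursion statement, so the server falls back to the default of whatever BIND version is running; that case is worth reviewing by hand.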





More information about the bind-users mailing list