Cache poisoning
David Miller
millerdc at fusion.gat.com
Fri Jul 14 04:40:17 UTC 2006
If you provide a caching name server (most normal corporate/public
networks do), then it can be poisoned with bad entries. One way to be
a good citizen on the net is to not allow recursion outside your
network. This way, if your cache is poisoned, you won't be contributing
to the problem outside your own network. It is as simple as setting
up an ACL for the subnets you control. For example:
// Subnets you control
acl "internal" { 10.1.1.0/24; };
options {
    // Answer recursive queries only for clients matching "internal"
    allow-recursion { internal; };
};
On Jul 13, 2006, at 10:39 AM, Jeff Lightner wrote:
> Is cache poisoning an issue for standard master/slave name servers or
> only for caching name servers?
> Jeffrey C. Lightner
> Unix Systems Administrator
> DS Waters of America, LP
> 678-486-3516
>
>
>
>
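Added example, not part of the original message: a small offline audit that reads named.conf text and reports whether a given client address would be granted recursion by the allow-recursion ACL shown above. The function names and sample addresses are constructed for illustration, and the matcher is a simplification that models only IP/CIDR elements, "any", "none", named ACLs and "!" negation.

```python
import ipaddress
import re

# Constructed samples: the post's configuration, and an open resolver for contrast.
RESTRICTED = '''
acl "internal" { 10.1.1.0/24; };
options {
    allow-recursion { internal; };   // recursion only for our own subnet
};
'''
OPEN = 'options { allow-recursion { any; }; };'

def _elements(body):
    """Split the body of an address match list into its elements."""
    return [e.strip().strip('"') for e in body.split(";") if e.strip()]

def _matches(ip, elements, acls, seen=()):
    """First matching element decides; '!' negates; no match means deny."""
    for el in elements:
        negate, name = el.startswith("!"), el.lstrip("!").strip().strip('"')
        if name in ("any", "none"):
            hit = name == "any"
        elif name in acls and name not in seen:
            hit = _matches(ip, acls[name], acls, seen + (name,))
        else:
            # Raises ValueError for elements this sketch does not model
            # (keys, localhost, localnets) instead of guessing.
            hit = ip in ipaddress.ip_network(name, strict=False)
        if hit:
            return not negate
    return False

def recursion_allowed(conf, client):
    """True/False per allow-recursion; None if the statement is absent."""
    conf = re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", conf, flags=re.S)
    acls = {m.group(1): _elements(m.group(2))
            for m in re.finditer(r'\bacl\s+"?([\w.-]+)"?\s*\{([^{}]*)\}', conf)}
    stmt = re.search(r"\ballow-recursion\s*\{([^{}]*)\}", conf)
    if stmt is None:
        return None  # named falls back to its built-in default
    return _matches(ipaddress.ip_address(client), _elements(stmt.group(1)), acls)

if __name__ == "__main__":
    for label, conf in (("restricted", RESTRICTED), ("open", OPEN)):
        for client in ("10.1.1.25", "192.0.2.53"):
            print(label, client, recursion_allowed(conf, client))
```

A None result means the file has no allow-recursion statement, so the server's behaviour depends on the default of the BIND version in use and should be checked explicitly.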