Recursion question

Barry Margolin barmar at alum.mit.edu
Sat Oct 7 00:59:24 UTC 2006


In article <eg6ik9$hv5$1 at sf1.isc.org>, Fr34k <freaknetboy at yahoo.com> 
wrote:

> Is this critical? Depends on your environment, risk, etc.

The reason dnsreport.com reports it as a serious error is because open 
recursive servers have been used to perpetrate DoS attacks against other 
nameservers, using a technique called "DNS Amplification".

So unless you need to allow recursion to the public (e.g. you're an 
organization like OpenDNS), you're doing a public service by disabling 
it.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***



More information about the bind-users mailing list