Public DNS - recursion no - Access to the Internet

Barry Margolin barmar at alum.mit.edu
Mon Feb 19 20:48:44 UTC 2007


In article <erclul$2sgj$1 at sf1.isc.org>,
 Jarek Buczyński <jaro80 at gmail.com> wrote:

> Threat's growing :)
> Below is the next quote:
> 
> "If you use multiple nameserver directives, don't use the loopback address!
> There's a bug in some Berkeley-derived TCP/IP implementations that can cause
> problems with BIND if the local nameserver is down. The resolver's connected
> datagram socket won't rebind to a new local address if the local nameserver
> isn't running, and consequently the resolver sends query packets to the
> fallback remote nameservers with a source address of 127.0.0.1. When the
> remote nameservers try to reply, they end up sending the reply packets to
> themselves."

I think that bug was fixed at least a decade ago, so it's probably not 
an important caveat.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***



More information about the bind-users mailing list