DNS Cache Snooping?

Paul Vixie Paul_Vixie at isc.org
Tue Jun 24 00:00:19 UTC 2008


"Jeff Lightner" <jlightner at water.com> writes:

> I have prevented recursive lookups from outside.  However, on doing a test
> I have confirmed that recent recursive lookups from inside do in fact
> cause the servers to cache the records, and subsequent digs from outside,
> while confirming recursive lookup was denied, do get the same record from
> cache as was returned on the original lookup from inside.

you'll need to turn off allow-query-cache as well as allow-recursion on the
outside network, or just turn off allow-query in the externally visible
view, if you're using views to separate recursive vs. authoritative
service.
-- 
Paul Vixie
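
The following named.conf fragment is an added example, not part of the original message or of ISC's documentation. It shows the first option from the reply (restricting both allow-recursion and allow-query-cache for outside clients) in a two-view layout; the ACL name, networks, zone name and file paths are assumed placeholders.

```conf
// Constructed example: ACL name, address ranges, zone and file names
// are placeholders, not values from the thread.
acl internal-nets { 127.0.0.0/8; 10.0.0.0/8; };

options {
    directory "/var/named";
};

// Views are matched in order, so internal clients land here first.
view "internal" {
    match-clients { internal-nets; };
    recursion yes;
    allow-recursion   { internal-nets; };   // who may trigger recursion
    allow-query-cache { internal-nets; };   // who may read cached answers
    zone "example.com" { type master; file "example.com.zone"; };
};

// Everyone else: authoritative data only.
view "external" {
    match-clients { any; };
    recursion no;
    allow-recursion   { none; };
    allow-query-cache { none; };   // closes the cache to outside digs
    zone "example.com" { type master; file "example.com.zone"; };
};
```

After reloading, repeat the test from the original report: resolve a name from inside, then run a dig for it from an outside host and confirm the cached record is no longer returned.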

