DNS Cache Snooping?
Paul Vixie
Paul_Vixie at isc.org
Tue Jun 24 00:00:19 UTC 2008
"Jeff Lightner" <jlightner at water.com> writes:
> I have prevented recursive lookups from outside. However, on doing a test
> I have confirmed that recent recursive lookups from inside do in fact
> cause the servers to cache the records and subsequent digs from outside
> while confirming recursive lookup was denied do get the same record from
> cache as was returned on the original lookup from inside.
you'll need to turn off allow-query-cache as well as allow-recursion on the
outside network, or just turn off allow-query in the externally visible
view, if you're using views to separate recursive vs. authoritative
service.
--
Paul Vixie
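
Added example, not part of the original message: a named.conf fragment for a single server without views, showing the allow-recursion restriction from the question next to the allow-query-cache restriction the reply recommends. The ACL name, address prefix, zone name and file paths are assumptions chosen for illustration.

```conf
// Constructed example: the ACL name, address prefixes, zone name and file
// paths are placeholders, not values from the thread.
acl "inside" {
    localhost;
    192.0.2.0/24;        // documentation prefix standing in for the internal LAN
};

options {
    directory "/var/named";

    recursion yes;

    // The setup described in the question: only recursion is limited, so a
    // query from outside can still be answered from records that inside
    // clients have already caused the server to cache.
    allow-recursion   { "inside"; };

    // The additional restriction from the reply: apply the same limit to
    // answers served from the cache.
    allow-query-cache { "inside"; };
};

// Authoritative data stays reachable from outside; the zone-level allow-query
// applies to this zone only.
zone "example.com" {
    type master;
    file "example.com.zone";
    allow-query { any; };
};
```

Run named-checkconf against the file before reloading, then repeat the dig from an outside address that previously returned the cached record.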