Re: [Full-Disclosure] recursive DNS issue
- To: omifix omnifix <omnifix2001@xxxxxxxxxxxx>
- Subject: Re: [Full-Disclosure] recursive DNS issue
- From: Bruno Wolff III <bruno@xxxxxxxx>
- Date: Wed, 3 Mar 2004 10:27:26 -0600

On Wed, Mar 03, 2004 at 14:54:38 +1100,
omifix omnifix <omnifix2001@xxxxxxxxxxxx> wrote:
> can anybody explain to me what the problem is when my
> external DNS server supports recursive DNS queries?

This allows simpler software and configuration so that there is less likely
to be a security problem.

> People are telling me that a DNS server is prone to
> cache poisoning when recursive DNS queries are
> supported.

You shouldn't be using a cache that doesn't discard out-of-zone glue or one
that makes recursive requests to untrusted DNS servers. This is going to be
a problem whether or not you combine a cache with a publishing server.
It may make things worse in that besides possibly hosing internal lookups,
you might also screw up the information about your domains given to other
people.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html