how to protect name servers against cache corruption
Paul A Vixie
vixie at vix.com
Wed Jul 23 02:17:07 UTC 1997
Since I believe that the security aspects of DNS are relevant to network
operations, I'm explicitly choosing to answer some messages here today
even though Paul Ferguson has issued a very reasonable request that DNS
*politics* not be discussed.
> Correct me if I'm wrong, but this implies that nameservers whose sole
> purpose is to act as primary and secondary for customer domains can run
> with recursion disabled. I.e. all those nameservers whose identity is
> readily discernable from public databases such as the Internic, RIPE, etc.,
> could run in this configuration as long as they are not also intended to do
> lookups for local machines on your local network.
Yes, that's what it is and that's why it works. I couldn't've said it better.
More information about the NANOG
mailing list