Best practice on TCP replies for ANY queries

• Previous message (by thread): Best practice on TCP replies for ANY queries
• Next message (by thread): Best practice on TCP replies for ANY queries
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Anurag Bhatia <me at anuragbhatia.com> wrote:
>
> Now I see presence of some (legitimate) DNS forwarders and hence I don't
> wish to limit queries.

You are going to have to change your mind about this one. Open recursive
resolvers are a really bad idea, unless you can afford a lot of time and
cleverness to manage the abuse. Get your users to choose a more
appropriate name server, and restrict your name server to your local
networks.

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first.
Rough, becoming slight or moderate. Showers, rain at first. Moderate or good,
occasionally poor at first.

• Previous message (by thread): Best practice on TCP replies for ANY queries
• Next message (by thread): Best practice on TCP replies for ANY queries
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]