Re: DNS Question
From: Adam Kujawski (adamkuj@mccoysworld.com)Date: 08/13/01
- Previous message: Michael Kjorling: "Re: DNS Question"
- In reply to: massara@bridge.com.br: "DNS Question"
- Next in thread: Black, Braden: "RE: DNS Question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 13 Aug 2001 14:40:35 -0400 (EDT) From: Adam Kujawski <adamkuj@mccoysworld.com> To: massara@bridge.com.br Subject: Re: DNS Question Message-ID: <Pine.BSF.4.21.0108131436550.75608-100000@mccoysworld.com>
If you disable recursion, your clients will have delays in resolving
name lookups. The best solutions would be to permit recursion only for
certain IP address ranges.
For bind, something like this should work:
options {
recursion yes;
allow-recursion {
127.0.0.1; // localhost
10.0.0.0/8; // local LAN
192.168.0.0/24; // etc...
};
};
-Kuj
On Fri, 10 Aug 2001 massara@bridge.com.br wrote:
> Dear friends,
>
> I have a little question regarding DNS, can you help me??
>
> Since an intrusion test was made at my network, people are talking about
> recursion in DNS. The IT specialists that did the test told me that my DNS
> do recursive queries and it´s a vulnerability. I´m authoritative for some
> zones and the server resolve names for some clients.
>
> If I disable recursion on my servers, am I going to have any trouble???
>
> Thanks in advance,
> Victor
>
>
>
- Previous message: Michael Kjorling: "Re: DNS Question"
- In reply to: massara@bridge.com.br: "DNS Question"
- Next in thread: Black, Braden: "RE: DNS Question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
