Prev-20 Home Next-20 2 msg Cannot resolve name - seems like propagation is... 5 msg Question about internet ethics? and how DNS is ... 2 msg MySQL BIND 2 msg Multiple nameservers 1 msg Difference between worker threads and general t... 7 msg Problem with domain on local network 2 msg dhclient complains Can't update forward map no ... Recursion question + trust? \ jack brack (27 Mar 2006) . \ Mark Andrews (27 Mar 2006) . . \ jack brack (27 Mar 2006) . \ Mark Andrews (27 Mar 2006) 7 msg Bind doesn't look up past its own Domains 2 msg Microsoft clients SECURE DYNAMIC UPDATES 4 msg Does BIND always query the other authorative na... 3 msg Dig options? 6 msg how was bind compiled/configured? 2 msg Bulding BIND9.3.1 3 msg RE: Forward zone problem: Forward query vs Dire... 3 msg Bind 9.3.1 master with 'stub' in-addr-arpa zone... 3 msg How to perform IP address management and how to... 2 msg Zonetransfers 8 msg failed while receiving responses and jnl touching 4 msg dhcp client and dns bind question Prev-20 Home Next-20

Prev-Msg Prev-Thread Bind-users Mar-2006 Next-Thread Next-Msg Subject: Recursion question + trust? Group: Bind-users From: jack brack Date: 27 Mar 2006 It seems that the advice at the moment is to disable recursion to everyone apart from customers, the reasoning being that customers are trustworthy and won't poison or knowingly poison the DNS server. Since this isn't true, I don't know what to do. I read this on webhostingtalk: "For example, I'm a spammer. I create a hostname for spam, something.myspam.tld. After that, I query your DNS server to resolve the host something.myspam.tld. It resolves that host and stores the info in its cache. All further requests for that host do not result in propagated lookups but are answered by the server from its cache, until the exipration for the zone occurs. After that, I set your DNS server as the authoritative server for my zone with the domain registrar. After that, I start sending spam. Now, you are screwed because it looks as if your DNS server is being used for spam. " If this is true, how can I possibly guard against it (without allowing customers to poison the dns)? What do (or maybe "should" is better word) big ISPs do? Prev-Msg Prev-Thread Bind-users Mar-2006 Next-Thread Next-Msg

© 2004-2008 readlist.com