[11210] in North American Network Operators' Group
Re: how to protect name servers against cache corruption
daemon@ATHENA.MIT.EDU (Paul A Vixie)
Tue Jul 22 22:20:38 1997
To: nanog@merit.edu
In-reply-to: Your message of "Tue, 22 Jul 1997 14:50:19 PDT."
<v0310280baffadadceb12@[10.11.12.33]>
Date: Tue, 22 Jul 1997 19:17:07 -0700
From: Paul A Vixie <vixie@vix.com>
Since I believe that the security aspects of DNS are relevant to network
operations, I'm explicitly choosing to answer some messages here today
even though Paul Ferguson has issued a very reasonable request that DNS
*politics* not be discussed.
> Correct me if I'm wrong, but this implies that nameservers whose sole
> purpose is to act as primary and secondary for customer domains can run
> with recursion disabled. I.e. all those nameservers whose identity is
> readily discernable from public databases such as the Internic, RIPE, etc.,
> could run in this configuration as long as they are not also intended to do
> lookups for local machines on your local network.
Yes, that's what it is and that's why it works. I couldn't've said it better.
