[35782] in North American Network Operators' Group
RE: I've just tried new.net's plugin. Don't.
daemon@ATHENA.MIT.EDU (Roeland Meyer)
Thu Mar 15 20:56:49 2001
Message-ID: <9DC8BBAD4FF100408FC7D18D1F092286039CD5@condor.mhsc.com>
From: Roeland Meyer <rmeyer@mhsc.com>
To: "'Valdis.Kletnieks@vt.edu'" <Valdis.Kletnieks@vt.edu>,
David Schwartz <davids@webmaster.com>
Cc: nanog@merit.edu
Date: Thu, 15 Mar 2001 15:40:13 -0800
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Errors-To: owner-nanog-outgoing@merit.edu
DNS cache poisoning as adequately prevented by making your zone servers
non-recursive.
> -----Original Message-----
> From: Valdis.Kletnieks@vt.edu [mailto:Valdis.Kletnieks@vt.edu]
> Sent: Thursday, March 15, 2001 2:03 PM
> To: David Schwartz
> Cc: nanog@merit.edu
> Subject: Re: I've just tried new.net's plugin. Don't.
>
>
>
> On Thu, 15 Mar 2001 11:59:28 PST, David Schwartz said:
> > Did you know that you can choose which nameservers you
> use? And you can
> > continue to use the same nameservers no matter what
> provider you use.
>
> Unless the ISP is security conscious and has allow-query and
> allow-recurse
> ACLs for his netblocks only, to help combat DNS cache poisoning.
>
> --
> Valdis Kletnieks
> Operating Systems Analyst
> Virginia Tech
>
>
