[88952] in North American Network Operators' Group
Re: DNS deluge for x.p.ctrc.cc
daemon@ATHENA.MIT.EDU (Jon Lewis)
Sat Feb 25 16:42:39 2006
Date: Sat, 25 Feb 2006 16:42:07 -0500 (EST)
From: Jon Lewis <jlewis@lewis.org>
To: Chris Adams <cmadams@hiwaay.net>
Cc: NANOG <nanog@merit.edu>
In-Reply-To: <20060225005812.GA1093740@hiwaay.net>
Errors-To: owner-nanog@merit.edu

On Fri, 24 Feb 2006, Chris Adams wrote:
> One thing to note: we've discovered that on some common DSL routers, the
> internal DNS caching server is on by default and answers requests on the
> outside IP address. IIRC some even do it when configured for NAT.
>
> So, even when you disable outside recursion, things you may not think of
> on the inside of your network may still allow outside DNS recursion.

Efficient Networks DSL routers suffer from this problem if DNS servers are
defined in the DHCP server config on the router. It's more of a DNS proxy
though. It doesn't do any caching.
----------------------------------------------------------------------
Jon Lewis | I route
Senior Network Engineer | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________