[88952] in North American Network Operators' Group

home help back first fref pref prev next nref lref last post

Re: DNS deluge for x.p.ctrc.cc

daemon@ATHENA.MIT.EDU (Jon Lewis)
Sat Feb 25 16:42:39 2006

Date: Sat, 25 Feb 2006 16:42:07 -0500 (EST)
From: Jon Lewis <jlewis@lewis.org>
To: Chris Adams <cmadams@hiwaay.net>
Cc: NANOG <nanog@merit.edu>
In-Reply-To: <20060225005812.GA1093740@hiwaay.net>
Errors-To: owner-nanog@merit.edu


On Fri, 24 Feb 2006, Chris Adams wrote:

> One thing to note: we've discovered that on some common DSL routers, the
> internal DNS caching server is on by default and answers requests on the
> outside IP address.  IIRC some even do it when configured for NAT.
>
> So, even when you disable outside recursion, things you may not think of
> on the inside of your network may still allow outside DNS recursion.

Efficient Networks DSL routers suffer from this problem if DNS servers are 
defined in the DHCP server config on the router.  It's more of a DNS proxy 
though.  It doesn't do any caching.

----------------------------------------------------------------------
  Jon Lewis                   |  I route
  Senior Network Engineer     |  therefore you are
  Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

home help back first fref pref prev next nref lref last post