On Oct 15, 2013, at 12:05 AM, "Paul Ferguson" <fergdawgs...@mykolab.com> wrote:

> Or leaving the recursive resolvers open to the entire Internet for abuse.

They generally must have internal recursive resolvers for their internal 
resources (split-horizon).  Hopefully, they've another set of external 
resolvers they use for external recursive lookups - and aren't running them 
open.

In practice, a lot of enterprise organizations, especially smaller ones, 
conflate at least some of their recursive DNS servers with their authoritative 
ones (which they lack the expertise to run in the first place), and all too 
many of those are also open recursors.

Then they place the whole mess behind a stateful firewall and can't figure out 
why their DNS servers keep going down, while their transit bills keep going up.

;>

---------------------------------
Roland Dobbins <rdobb...@arbor.net>


