Re: Bind open to query from anyone

2009-01-06 Thread John Wobus
As you suspect, this is a bad idea. Those who cannot query the server cannot poison the cache using the loopholes in the DNS protocol, i.e. put false data in your nameserver for names like www.google.com, www.yahoo.com, etc. There can be other impediments to poisoning the cache in this manner, bu

Re: Bind open to query from anyone

2009-01-06 Thread Stephane Bortzmeyer
On Mon, Jan 05, 2009 at 03:15:36AM -0800, Chris Henderson wrote a message of 12 lines which said:

> That is, any one can use my name server to query any host name,
> eg. www.google.com, www.yahoo.com etc. Is this a bad idea?

Yes, very bad. See RFC 5358

Re: Bind open to query from anyone

2009-01-05 Thread Jonathan Petersson
In general I would think that it isn't recommended unless it's intended; you probably don't want random clients querying your servers for content you don't control. To kill this, add "recursion no;" in options; if you do want this enabled for certain prefixes, have a look at "allow-recursion". Good

Bind open to query from anyone

2009-01-05 Thread Chris Henderson
I've set up a secondary name server which works as a secondary or slave name server for my zone or domain name. However, I have tested and noticed that I can query for non-authoritative answers from my secondary or slave name server from outside my network. That is, anyone can use my name server to