I'm running DNS for my company that only has 35 computers "because I can." I have enabled views, and recursion is off for the "all" group, while it is enabled for the "local" group.
My BIND installation is on an OS X server, so manually updating can get ugly. We're talking LOW load here. 5,000 requests a day. MAYBE.

Question: Am I safe from this issue, or should I just wholesale forward everything to OpenDNS and drop internal DNS? Is un-patched recursion at ANY point dangerous, or just external recursion?

Michael

On Jul 27, 2008, at 3:25 PM, Tuc at T-B-O-H.NET wrote:

>> On the other hand, I posted about this on a hardened Linux mailing
>> list, and received only ridicule and scorn in return. A security
>> professional who claims over 3 decades of Internet experience led the
>> charge, calling me paranoid and an alarmist. He specifically claimed
>> that, since he doesn't operate a resolving name server (he uses his
>> ISP, who have not patched their name servers as of my last check), and
>> since his authoritative name servers are all PowerDNS, he has nothing
>> to worry about, so why was I bothering the list with this irrelevant
>> nonsense?
>>
>> All to say, don't expect it to necessarily be easy to convince people
>> this is a real problem.
>>
>> (I've had better experiences elsewhere. And all of my friends and
>> family whose ISPs are not updated are using opendns.com.)
>>
> People have also said "Well, wait until the news outlets get a
> hold of this, it'll be bigger than any movie star's baby, any presidential
> scandal, etc." Well, I've seen it on 2 different news sites, with it
> giving a "doomsday" feel to it.... And.... Seems it's just not getting
> anyone's attention. The ISP I'm on (MAJOR cable co) still hasn't seemed
> to make the change or done anything about it.
>
> I guess someone needs to poison a few large DNS servers and
> start stealing credit cards and eBay/Paypal/Y!/Gmail id/passes for it
> to get anyone's attention.
>
> Tuc
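For readers following the thread, here is an added named.conf sketch (not from Michael's server or the original posts) of the split-view setup he describes: recursion and cache access only for the "local" view, authoritative answers only for the "all" view. The ACL network 192.0.2.0/24, the zone example.com and the zone file names are assumed placeholders.

```conf
// Added example: BIND 9 views with recursion limited to internal clients.
// 192.0.2.0/24 and example.com are placeholder values, not from the post.

acl "local_nets" { 127.0.0.0/8; 192.0.2.0/24; };

options {
    directory "/var/named";
    listen-on { any; };
    // Do not pin the outbound query source port. A fixed "port NNN" here
    // defeats the source-port randomization that patched BIND releases use
    // against cache poisoning; leave the port as "*" (or omit the line).
    query-source address * port *;
};

// Internal clients: may ask for anything, answers come from this cache.
view "local" {
    match-clients { "local_nets"; };
    recursion yes;
    allow-recursion { "local_nets"; };
    allow-query-cache { "local_nets"; };

    zone "example.com" {
        type master;
        file "example.com.internal.zone";
    };
};

// Everyone else: authoritative data only, no recursion, no cache reads.
view "all" {
    match-clients { any; };
    recursion no;
    allow-query-cache { none; };

    zone "example.com" {
        type master;
        file "example.com.external.zone";
    };
};
```

The "all" view keeps the server from acting as an open resolver, which is what most outside scanners look for. It does not, by itself, protect the "local" view's cache: every lookup an internal client makes still sends recursive queries out to the Internet, and the answers to those queries are what a poisoning attempt targets. So the views decide who can ask, while the BIND version (and the unpinned query-source port above) decide how hard the answers are to forge. Run `named-checkconf` after editing and confirm the running version is one that randomizes source ports before relying on this layout.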
