On Jul 27, 2008, at 9:02 PM, Michael Coumerilh wrote: > I'm running DNS for my company that only has 35 computers "because I > can." > I have enabled views, and recursion is off for the "all" group, while > it is enabled for the "local" group. > > My BIND installation is on an OS X server, so manually updating can > get ugly. We're talking LOW load here. 5,000 requests a day. MAYBE. > > Question: Am I safe from this issue, or should I just wholesale > forward everything to opendns and drop internal DNS? > > Is un-patched recursion at ANY point dangerous or just external > recursion? > > Michael
You should either patch now, or forward to OpenDNS until you can patch. If you do any recursive lookups at all, you're vulnerable. Brian Keefer Sr. Systems Engineer www.Proofpoint.com "Defend email. Protect data."
