Hello, I understand the importance of separating authoritative and recursive functions on public facing systems. How crucial is it on internal systems?
My clients today resolve against internal servers that do recursion and also hold authoritative secondary copies of important internal zones. I did see on the ISC KB that this is an acceptable configuration, "having determined that the benefit outweighs any risks associated with this policy." The primary benefit, as I understand it, is that in removing the authoritative function from the recursive systems and isolating it on separate hardware (with an ACL permitting only the recursive servers to use them), I decrease the attack surface. The recursive servers are now isolated from being vulnerable to attacks against the authoritative code base.

In my environment, the recursive function is important, but not nearly as important as the authoritative resolution of internal namespaces. Has this separation of function improved my security posture in that area? If we assume the internal environment is hostile, an attacker now simply has to launch their authoritative-busting code against the authoritative servers rather than the recursive servers, forging the source as the recursive servers? The end result is the same in either design: an outage for critical internal functionality.

What are the downsides? Is it a stretch to say that this design might actually introduce security concerns? For example, if the authoritative function is moved, and the clients are left pointing at a now recursive-only server, that recursive server is now theoretically vulnerable to cache-poisoned records for those critical internal namespaces, whereas previously that was impossible because it was answering them authoritatively?

Does this design potentially weaken operational stability? By breaking out the authoritative functions onto unique hardware, we've now introduced a second place in the service delivery chain where a failure will be catastrophic to business function?

Overall, is breaking this function out, internally, really worth it? Thoughts and comments appreciated. Cheers!
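As an added illustration (not from the post, and not ISC's own configuration), here is what the split the question describes looks like as two BIND named.conf fragments: an authoritative-only secondary that answers only the resolvers' ACL, and a recursive-only server that sends the internal zone straight to it. All addresses, ACL names, file paths and the zone name are hypothetical, and the `secondary`/`primaries` keywords assume BIND 9.16 or later (older releases use `slave`/`masters`).

```conf
# --- auth1 (authoritative-only) named.conf fragment; hypothetical addresses ---
acl "recursive-servers" { 10.0.0.5; 10.0.0.6; };   # the internal resolvers

options {
    directory "/var/named";
    recursion no;                        # never recurse; only answer for zones held here
    allow-query { recursive-servers; };  # the ACL the post describes: only resolvers may ask
    allow-query-cache { none; };         # no cache is served, so nothing here to poison
    allow-transfer { none; };
    minimal-responses yes;
};

zone "corp.example" {
    type secondary;                      # secondary copy of the critical internal zone
    primaries { 10.0.0.2; };             # hypothetical hidden primary
    file "sec/corp.example";
};

# --- rec1 (recursive-only) named.conf fragment; hypothetical addresses ---
acl "internal-clients" { 10.0.0.0/8; 192.168.0.0/16; };
acl "auth-servers"     { 10.0.1.10; 10.0.1.11; };    # the authoritative-only hosts above

options {
    directory "/var/named";
    recursion yes;
    allow-query     { internal-clients; };
    allow-recursion { internal-clients; };
    dnssec-validation auto;              # closes the poisoning window the post raises,
                                         # but only for zones that are actually signed
};

# The internal zone is no longer held here. static-stub forces lookups for it to the
# listed servers, but the answers ARE cached, so without DNSSEC validation the
# cache-poisoning concern in the post is real on this box, unlike when it was authoritative.
zone "corp.example" {
    type static-stub;
    server-addresses { 10.0.1.10; 10.0.1.11; };
};
```

Checking both fragments with `named-checkconf` before deployment catches syntax errors, but not the policy question of whether the second host in the chain is an acceptable new point of failure.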