On 10/30/20 7:29 AM, Rick Moen wrote: ...
FWIW, I am no longer comfortable with the idea of a combined authoritative/recursive server on a publicly exposed static IP. That has been deprecated for long decades as bad security, particularly because it increases the risk of cache poisoning of the recursive server. IMO, a LAN connected to public networks, even a small one, ought to have the authoritative service on a separate, public-facing host, and the recursive service on a protected, internal-network machine that is as shielded from public networks as possible.
Thanks for the bits of wisdom. Do you know any papers/articles/sites that discuss and explain this more? I have not updated my IT knowledge in years and am a bit thirsty. _______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng