> > As an aside, you shouldn't be allowing me to perform recursive lookups > > with your servers anyway. Rosemary could easily be hijacked to perform > > DNS based DOS attacks. > > > > - > > Marc > > So does that mean then that it isn't possible to use the check_dns > plugin without enabling recursive lookups and leaving my server open > to DNS DOS attacks? > > Is there any way to use dns_check safely?
I think the keyword in Marc's statement was "me" - him, Marc, being outside of your network should not be allowed to perform recursive lookups via one of your nameservers. If you are going to enable recursive lookups for your own users/internal machines, limit access to that feature via acl's to only those users/IPs/hosts. Otherwise, with recursive off, ask them about a name they are authoritative for. SWS ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Nagios-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
