Re: DNS cache poisoning - am I safe if I limit recursion to trusted local networks?

2022-01-03 Thread Grant Taylor via bind-users
On 1/3/22 10:57 AM, John Thurston wrote: It must have a 'forward' zone defined on it for each of those stupid domains. And yes, you are right . . at that point it is no longer only performing recursion. ;-) But there is no other way to do it. Even in a combined recursive/authoritative

Re: DNS cache poisoning - am I safe if I limit recursion to trusted local networks?

2022-01-03 Thread Matus UHLAR - fantomas
On 1/3/22 12:15 AM, Borja Marcos wrote: If you separate the roles it is much simpler to implement an effective access control. On 03.01.22 10:35, Grant Taylor via bind-users wrote: The problem I have with separating recursive and authoritative servers has to do with internal LANs and things

Re: DNS cache poisoning - am I safe if I limit recursion to trusted local networks?

2022-01-03 Thread John Thurston
On 1/3/2022 8:35 AM, Grant Taylor via bind-users wrote: In short, how do you get a /purely/ /recursive/ server to know that internal-corp-lan.example (or any domain not in the global DNS hierarchy) is served by some other /purely/ /authoritative/ DNS server inside the company? It must have a

Re: DNS cache poisoning - am I safe if I limit recursion to trusted local networks?

2022-01-03 Thread Grant Taylor via bind-users
On 1/3/22 12:15 AM, Borja Marcos wrote: If you separate the roles it is much simpler to implement an effective access control. The problem I have with separating recursive and authoritative servers has to do with internal LANs and things like Microsoft Active Directory on