Date: Tue, 17 Jan 2006 14:13:56 +0100 From: Simon 'corecode' Schubert <corecode@fs.ei.tum.de> To: Steve Suhre <cheesiest@nano.net> Cc: freebsd-hackers@freebsd.org Subject: Re: Named requests filling up T1 Message-ID: <43CCED94.3020802@fs.ei.tum.de> In-Reply-To: <43CCBAC5.4060809@nano.net> References: <43CC59E7.6080505@nano.net> <015901c61b15$898648a0$1200a8c0@gsicomp.on.ca> <43CC65BC.9040005@nano.net> <44314.63.147.253.154.1137474098.squirrel@webmail7.pair.com> <43CCBAC5.4060809@nano.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Steve Suhre wrote: > Thanks, I think that's what I was looking for. I expect the "ISP" is in > another country somewhere and would be hard to reach, if they could be > reached at all. And it's probably a bad reference somewhere to the > server here, so shutting of recursive queries could help... If I shut > named off for an hour or two they go away, so I'm guessing the offending > server switches to the secondary and gets what it's looking for? In any case you should only allow recursive queries for your trusted clients and/or downstream nameservers which forward to you. Otherwise a) you produce outgoing traffic when some stranger wants to b) your dns cache can easily be poisoned because of a) cheers simon -- Serve - BSD +++ RENT this banner advert +++ ASCII Ribbon /"\ Work - Mac +++ space for low €€€ NOW!1 +++ Campaign \ / Party Enjoy Relax | http://dragonflybsd.org Against HTML \ Dude 2c 2 the max ! http://golden-apple.biz Mail + News / \
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?43CCED94.3020802>