On Thu, 11 Nov 1999, Brian Wellington wrote: > Caching-only servers are also vulnerable. The NXT record is no different > that any other DNS record in this case. If someone is able to make your > server fetch a maliciously-constructed NXT record, it will cause problems. > A query to a caching server will force the server to send a recursive > query, which makes the caching server vulnerable. All the more reason to define local IP ranges and restrict allow-query to those ranges only by default. AB
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:11:58 PDT