
Re: your mail



On Thu, Jun 28, 2001 at 01:42:49PM +0300, Sematimba Noah K wrote:
> 1. If you have a nameserver for which recursion is turned off but it is
> primary for quite a few domains and then because this machine also has to
> handle mail, you specify another nameserver in /etc/resolv.conf. My
> question is if someone queries the name server on this machine will
> answers from the name server in /etc/resolv.conf spill over to answer
> these queries if my server cannot answer because of recursion being turned
> off?

No. resolv.conf is only used by the resolver (client-side) library which is
used when a process on _your_ machine asks to do a DNS lookup. When a remote
machine talks to your DNS server, it is the named process itself which
handles it, and resolv.conf is not used.

You can test this: e.g. on another machine try

# nslookup
server x.x.x.x         -- your mail server/primary DNS machine
psg.com

It should come back with a referral to the GTLD servers (i.e. "look it up
yourself!"), rather than the IP address for psg.com.

> 2. What measures can one put in place to avoid cache poisoning on
> recursive name servers? Does bind automatically take care of this?

AFAIK bind takes care of this, just make sure to keep up to date with the
latest stable version. Old versions of bind used to trust unrelated results
which came back in DNS responses, but I think new versions discard them.

Brian.
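
Added example, not part of the original message and not BIND's own code: a simplified sketch of the "discard unrelated results" idea from the answer to question 2, where a resolver keeps only records whose owner name lies inside the zone it queried the server about. The function names, the record tuple layout and the zone are assumptions for illustration; the sample response is constructed.

```python
# Simplified bailiwick filter (illustrative sketch, not BIND's implementation).
# A record is modelled as a tuple: (owner_name, record_type, rdata).

def normalize(name):
    """Lower-case a domain name and return its labels, root-first."""
    name = name.rstrip(".").lower()
    return tuple(reversed(name.split("."))) if name else ()

def in_bailiwick(owner, zone):
    """True if owner is the zone apex or a subdomain of it.

    Comparison is done label by label, so 'badexample.com' is NOT
    treated as being inside 'example.com' (a plain string suffix
    match would get this wrong).
    """
    o, z = normalize(owner), normalize(zone)
    return o[:len(z)] == z

def filter_response(zone, records):
    """Split records into (kept, discarded) for a query sent to a
    server that is believed to be authoritative for `zone`."""
    kept, discarded = [], []
    for rec in records:
        (kept if in_bailiwick(rec[0], zone) else discarded).append(rec)
    return kept, discarded

# Constructed sample: records from a response to a query for
# www.example.com, sent to a server for the zone example.com.
SAMPLE_ZONE = "example.com"
SAMPLE_RESPONSE = [
    ("www.example.com.", "A", "192.0.2.10"),         # the answer
    ("example.com.", "NS", "ns1.example.com."),      # authority
    ("ns1.example.com.", "A", "192.0.2.53"),         # glue, in zone
    ("www.unrelated.example.", "A", "203.0.113.66"), # unrelated name
    ("badexample.com.", "A", "203.0.113.67"),        # suffix look-alike
]

if __name__ == "__main__":
    kept, discarded = filter_response(SAMPLE_ZONE, SAMPLE_RESPONSE)
    for rec in kept:
        print("cache  ", rec)
    for rec in discarded:
        print("discard", rec)
```
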
