[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-developers] publishing slave nameservers was RE: Denial-of-Service Vulnerabilityin ISC BIND 9
- Subject: [cobalt-developers] publishing slave nameservers was RE: Denial-of-Service Vulnerabilityin ISC BIND 9
- From: "Matthew Nuzum" <cobalt@xxxxxxxxxxxxx>
- Date: Wed Jun 5 09:38:02 2002
- Organization: Bearfruit.org
- List-id: Discussion Forum for developers on Sun Cobalt Networks products <cobalt-developers.list.cobalt.com>
> ... We're in the midst
> of switching now to a system where the master is behind a firewall,
and
> all the published nameservers are slaves, but I don't believe that's
> security enough.
>
> Jeff
Jeff, have you ever experienced a problem with this? We tried something
similar to this and had problems with RoadRunnerwho is a large ISP in
our area. (possibly effects other ISPs as well). They use some caching
DNS software for their customers and it wouldn't resolve DNS requests
for domains where the server answered as non-authoritative.
It was a very odd problem and difficult to diagnose. We tested it on
only a couple of domains but we were able to see problems right away.
Is there a trick to making the slave servers answer authoritatively?
That very well could have been our problem.
It's kind of a moot point, as I decided to outsource my DNS and can't be
happier.
Matthew Nuzum
www.bearfruit.org
cobalt@xxxxxxxxxxxxx