On Mar 28, 2005, at 1:11 AM, Randy Bush wrote:
And to Randy's point about problems with open recursive nameservers... abusers have been known to cache "hijack". Register a domain, configure an authority with very large TTLs, seed it onto known open recursive nameservers, update domain record to point to the open recursive servers rather than their own. Wammo, "bullet proof" DNS hosting.
as has been said here repeatedly, you should not be running servers, recursive or not, on old broken and vulnerable software.
Huh? I think you do not understand. Do not mistake "cache hijack" for "cache poison". This is _nothing_ to do with what you're running on the recursive nameserver. It is doing _exactly_ what it is supposed to do. Get answers, store in cache, respond to queries from cache if TTL isn't expired.
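The following is an added example, not part of the original message or any poster's code: a toy model of the cache behaviour described above, showing how long a correctly functioning resolver keeps answering after the authority is gone, and how a TTL cap or a recursion ACL (the ideas behind BIND's `max-cache-ttl` and `allow-recursion` options) changes that. All names, addresses and TTL values are constructed sample data.

```python
import ipaddress

class RecursiveCache:
    """Toy recursive resolver cache (constructed model, not a real DNS server)."""
    def __init__(self, max_cache_ttl=None, allowed_clients=None):
        self.max_cache_ttl = max_cache_ttl          # seconds; None = trust any TTL
        self.allowed = [ipaddress.ip_network(n) for n in (allowed_clients or ["0.0.0.0/0"])]
        self.cache = {}                             # name -> (answer, expires_at)

    def resolve(self, client_ip, name, now, authority):
        # Recursion ACL: an open resolver accepts anyone, a closed one only its own clients.
        if not any(ipaddress.ip_address(client_ip) in net for net in self.allowed):
            return "REFUSED"
        hit = self.cache.get(name)
        if hit and now < hit[1]:
            return hit[0]                           # served from cache, authority never asked
        record = authority.get(name)                # (answer, ttl) or None if authority is gone
        if record is None:
            return "SERVFAIL"
        answer, ttl = record
        if self.max_cache_ttl is not None:
            ttl = min(ttl, self.max_cache_ttl)      # clamp what the zone owner asked for
        self.cache[name] = (answer, now + ttl)
        return answer

DAY = 86400
NAME = "www.example.test"                           # constructed sample data
LIVE_AUTHORITY = {NAME: ("192.0.2.10", 30 * DAY)}   # very large TTL chosen by zone owner
GONE_AUTHORITY = {}                                 # authority no longer answers
OUTSIDER, CUSTOMER = "203.0.113.7", "198.51.100.20"

def answer_after(resolver, seed_client, days_later):
    """Seed at t=0 while the authority is up, then query as a customer after it is gone."""
    resolver.resolve(seed_client, NAME, 0, LIVE_AUTHORITY)
    return resolver.resolve(CUSTOMER, NAME, days_later * DAY, GONE_AUTHORITY)

def demo():
    open_uncapped = RecursiveCache()
    open_capped = RecursiveCache(max_cache_ttl=1 * DAY)
    closed = RecursiveCache(allowed_clients=["198.51.100.0/24"])
    return {
        "open, no TTL cap": answer_after(open_uncapped, OUTSIDER, 7),
        "open, 1-day cap": answer_after(open_capped, OUTSIDER, 7),
        "closed to outsiders": answer_after(closed, OUTSIDER, 7),
    }

if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label:22} -> {result}")
```

Only the open resolver with no cap still returns the cached address a week later; nothing in that path is a software flaw, which is why patching alone does not address it.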