On Fri, 24 Feb 2006, Chris Adams wrote:
One thing to note: we've discovered that on some common DSL routers, the internal DNS caching server is on by default and answers requests on the outside IP address. IIRC some even do it when configured for NAT.
So, even when you disable outside recursion, things you may not think of on the inside of your network may still allow outside DNS recursion.
Efficient Networks DSL routers suffer from this problem if DNS servers are defined in the DHCP server config on the router. It's more of a DNS proxy though. It doesn't do any caching. ---------------------------------------------------------------------- Jon Lewis | I route Senior Network Engineer | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________