:: Re: [DNG] Clarification please
Top Page
Delete this message
Reply to this message
Author: Simon Walter
Date:  
To: dng
Subject: Re: [DNG] Clarification please
On 10/30/20 7:29 AM, Rick Moen wrote:
...
> FWIW, I am no longer comfortable with the idea of a combined
> authoritative/recursive server on a publicly exposed static IP.
> That has been deprecated for long decades as bad security, particularly
> because it increases the risk of cache poisoning of the recursive
> server. IMO, a LAN connected to public networks, even a small one,
> ought to have the authoritative service on a separate, public-facing
> host, and the recursive service on a protected, internal-network machine
> that is as shielded from public networks as possible.


Thanks for the bits of wisdom.

Do you know any papers/articles/sites that discuss and explain this more?

I have not updated my IT knowledge in years and am a bit thirsty.