Autor: Simon Walter Data: Dla: dng Temat: Re: [DNG] Clarification please
On 10/30/20 7:29 AM, Rick Moen wrote:
... > FWIW, I am no longer comfortable with the idea of a combined
> authoritative/recursive server on a publicly exposed static IP.
> That has been deprecated for long decades as bad security, particularly
> because it increases the risk of cache poisoning of the recursive
> server. IMO, a LAN connected to public networks, even a small one,
> ought to have the authoritative service on a separate, public-facing
> host, and the recursive service on a protected, internal-network machine
> that is as shielded from public networks as possible.
Thanks for the bits of wisdom.
Do you know any papers/articles/sites that discuss and explain this more?
I have not updated my IT knowledge in years and am a bit thirsty.