Monday, February 20, 2006

DNS recursion

Here are discussion concerning the problems related to allowing DNS recursion: "The Continuing Denial of Service Threat Posed by DNS Recursion" and "Looking behind the smoke screen of the Internet: DNS recursive attacks, spamvertised domains, phishing, botnet C&C's, Internet infrastructure and you".

While turning off recursion can be a good thing, there are justifiable uses for it. I've had to argue at length against a policy that all recursion be disabled, even internally.