Here are discussion concerning the problems related to allowing DNS recursion: "The Continuing Denial of Service
Threat Posed by DNS Recursion" and "Looking behind the smoke screen of the Internet: DNS recursive attacks, spamvertised domains, phishing, botnet C&C's, Internet infrastructure and you
While turning off recursion can be a good thing, there are justifiable uses for it. I've had to argue at length against a policy that all recursion be disabled, even internally.
Post a Comment