On Fri, Apr 12, 2002 at 03:11:06PM +0100, Paul Jakma wrote:
> what's wrong with using ACLs to only allow recursion for queries from
> internal networks?
It's just a Chinese wall.
More specifically...
Security: Your authoritative database can still be poisoned. No matter
what kludges bind puts in place to try and stop it, as long as the
authoritative and caching databases are shared in-process, poisoning
is too easy.
Security: Too much code facing the world. Not only do you have the
auth code *and* the resolving code facing the world, you *also*
have this "security" ACL code trying to separate local people from
non-local people.
Security: DNS is almost always UDP. Even with perfect ACLs, in the absence
of a separate, good firewall, Nasty Person in Nasty Land can send a
carefully crafted UDP packet pretending to be from a local address
to your DNS server, asking your server to resolve poison.org.
And it will. And it could end up with a poisoned auth database.
Reliability: Greedy (or just misconfigured) local clients of the resolving
dns server don't tie up your important world-visible auth dns server.
And vice-versa.
Speed: All other things being equal, a server that doesn't bother deciding
whether to allow or not allow a query based on an ACL will be quicker
than one that doesn't.
Wesley.
--
Defence in depth - You know it makes sense.
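As an added illustration (not from Wesley's post or the ILUG list), here are the two BIND named.conf layouts the thread contrasts: the single-process "ACL wall" setup, and the split into a purely authoritative server plus a separate resolver that only listens on an internal address. The zone name, addresses and file names are constructed for the example.

```conf
// ---- Layout A: one named process does both jobs, ACL is the only wall ----
// Spoofed-source UDP queries that match "internal" are still answered
// recursively by the same process that holds the authoritative zone.
acl "internal" { 10.0.0.0/8; 192.168.0.0/16; };
options {
    directory "/var/named";
    recursion yes;                      // recursion on in the auth server
    allow-recursion { "internal"; };    // the "chinese wall"
};
zone "example.com" {                    // constructed zone name
    type master;
    file "example.com.zone";
};

// ---- Layout B, host 1: authoritative only, world-facing ----
// No recursion at all, so there is no cache to poison in this process
// and no resolver code exposed to the Internet.
options {
    directory "/var/named";
    recursion no;
    allow-query { any; };
};
zone "example.com" {
    type master;
    file "example.com.zone";
};

// ---- Layout B, host 2: caching resolver, internal-facing only ----
// Bound to an internal address (constructed); the ACL is still there but
// is a second line, with the network edge filtering spoofed sources.
acl "internal" { 10.0.0.0/8; 192.168.0.0/16; };
options {
    directory "/var/named";
    listen-on { 192.168.1.53; };        // not reachable on the public side
    recursion yes;
    allow-query { "internal"; };
    allow-recursion { "internal"; };
};
```

A misbehaving internal client can now only exhaust host 2, and a poisoned answer cached on host 2 never touches the zone data served by host 1.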