[Unbound-users] allowing cache queries but not doing recursion for "foreign" networks

Ondřej Surý ondrej at sury.org
Sun Feb 15 23:17:16 UTC 2009

> I.e. if recursion is _not_ performed for any "foreign" queries then nobody
> outside of the networks "trusted" by the caching nameserver can succeed at
> this attack any more than they could succeed at using _any_ and _every_
> authoritative nameserver "normally".

Sorry, but you are wrong, f.e. see recent attack on ISPrime:


Ondřej Surý <ondrej at sury.org>

More information about the Unbound-users mailing list