[Unbound-users] allowing cache queries but not doing recursion for "foreign" networks

Greg A. Woods; Planix, Inc. woods at planix.ca
Sun Feb 15 18:02:28 UTC 2009


On 15-Feb-2009, at 3:43 AM, Robert Edmonds wrote:

> Aaron Hopkins wrote:
>> Cache snooping lets anyone see who you've been talking to, when you  
>> looked
>> it up, and when the cache will expire.
>
> cache snooping can also facilitate amplification attacks, see RFC  
> 5358.


No, not without recursion enabled it can't.

-- 
					Greg A. Woods; Planix, Inc.
					<woods at planix.ca>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20090215/5657348c/attachment.bin>


More information about the Unbound-users mailing list