Maintained by: NLnet Labs

[Unbound-users] allowing cache queries but not doing recursion for "foreign" networks

Ondřej Surý
Mon Feb 16 00:17:16 CET 2009

> I.e. if recursion is _not_ performed for any "foreign" queries then nobody
> outside of the networks "trusted" by the caching nameserver can succeed at
> this attack any more than they could succeed at using _any_ and _every_
> authoritative nameserver "normally".

Sorry, but you are wrong, f.e. see recent attack on ISPrime:

Ondřej Surý <ondrej at>