If you provide a caching name server(most normal corporate/public
networks do) than it can be poisoned with bad entries. One way to be
a good citizen on the net is to not allow recursion outside your
network. This way if your cache is poisoned you won't be contributing
to the problem outside your own network. It is as simple as setting
up an ACL for the subnets you control. for example.

acl "internal" { 10.1.1.0/24; };

options {
allow-recursion { internal; };
};


On Jul 13, 2006, at 10:39 AM, Jeff Lightner wrote:

> Is cache poisoning an issue for standard master/slave name servers or
> only for caching name servers?
> Jeffrey C. Lightner
> Unix Systems Administrator
> DS Waters of America, LP
> 678-486-3516
>
>
>
>