External DNS and recursion on TUNIX/Firewalls
Certain issues with recursive DNS queries(*) to DNS servers have recently come to light, prompting TUNIX to reevaluate its views on recursion and take preemptive measures.
TUNIX advises disallowing recursive requests to an external DNS server on the TUNIX/Firewall.
Within two weeks, TUNIX Support will start changing the default behaviour of the external DNS server on the TUNIX/Firewall. From then on, recursive queries will no longer be allowed.
The firewall will be equipped with the p-security-03 update as soon as possible. This update will have *no* impact on running services.
Until the disabling of recursive queries has been configured, the firewall will keep its existing functionality.
If you object to the disabling of recursive queries, contact TUNIX Support via the standard channels (see below).
There is at this point no immediate risk, but TUNIX believes it prudent to take preemptive action.
If you have any questions please contact TUNIX Support. The quickest way to do that is via email ('fwsupport@tunix.nl') or phone (024-3455012).
Sincerely
on behalf of TUNIX Support, S. Verkooijen
(*) DNS recursion
A recursive DNS request is one in which a DNS client asks the server to try to answer even though the information cannot be found in the server's own configuration. The DNS server will query other DNS servers if necessary to find the answer.
A client can therefore ask the DNS server of acme.nl for the IP address of www.acme.com and get a reply even though acme.nl's DNS server has to consult acme.com's DNS server.
When recursion is disabled, the DNS server will search no further than its own configuration. The client in the example above will get no reply to its query.
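To confirm the change on your own external DNS server, the following added example (not TUNIX code) sends a query with the "recursion desired" bit for a name outside the server's zones and reads the "recursion available" bit and response code from the reply. The function names and the sample responses are constructed for illustration; it assumes a non-recursive server either replies with RA cleared or does not reply at all.

```python
import socket
import struct

RD, RA, QR = 0x0100, 0x0080, 0x8000  # header flag bits: recursion desired/available, response

def build_query(name, txid=0x1234):
    """Encode an A/IN query for `name` with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(response, txid=0x1234):
    """Return 'recursive', 'non-recursive' or 'invalid' for a raw DNS response."""
    if len(response) < 12:
        return "invalid"
    rid, flags = struct.unpack("!HH", response[:4])
    if rid != txid or not flags & QR:  # wrong transaction ID, or not a response
        return "invalid"
    rcode = flags & 0x000F
    # Recursion was performed only if the server advertises RA and actually
    # resolved the name (NOERROR=0 or NXDOMAIN=3), not REFUSED/SERVFAIL.
    return "recursive" if flags & RA and rcode in (0, 3) else "non-recursive"

def probe(server, name, timeout=3.0):
    """Query `server` over UDP/53 for a name outside its own zones."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            return classify(s.recvfrom(512)[0])
        except socket.timeout:
            return "no-reply"

# Constructed sample responses (not captured traffic): one from a server that
# resolved www.acme.com recursively, one that answered REFUSED with RA cleared.
_Q = build_query("www.acme.com")[12:]
SAMPLE_OPEN = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + _Q + b"\xc0\x0c"
               + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1]))
SAMPLE_CLOSED = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0) + _Q

if __name__ == "__main__":
    print(classify(SAMPLE_OPEN), classify(SAMPLE_CLOSED))
```

Run `probe()` from a host on the external side of the firewall against the firewall's external DNS address; after the change it should no longer return `recursive`.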