TLD Survey:Risks

• Open Recursive/Caching Server, Cons

  • Anyone can abuse your server

    • Including using your server to DoS another
    • Including having your server effectively host their domain
  • Leaves you much more vulnerable to cache poisoning/pollution

    • If you are also authoritative, you risk passing on poison/pollution to unsuspecting external clients
    • Hostname-based security can be easily by-passed
    • Poisoned/polluted parent zone increases security risk for all children
    • Eugene Kashpureff used this attack in 1997
  • Causes one server (or set of servers) to do much more work than would otherwise be necessary

Previous slide

Next slide

Back to first slide

View graphic version