Options dialog - DNS - Resolver - Recursion
Simple DNS Plus v. 5.2 Copyright © 1999-2011 JH Software ApS
• Perform DNS recursion (resolve non-local domain names)
Specify which IP addresses should be offered recursion.
You can list multiple IP addresses, IP address ranges, and/or IP address subnets.
For DNS servers accessible from the Internet, it is highly recommended that you limit recursion to IP addresses on the local area network, as this prevents DNS cache snooping and helps protect against cache poisoning (spoofing) - see How to secure your server.
• Maximum recursive DNS requests to resolve in parallel
Specifies the maximum number of recursive requests to resolve at the same time.
• To protect against cache poisoning (spoofing), only accept responses from other DNS servers which:
  • Come from the IP address that the corresponding request was sent to
    Enabling this option helps protect against DNS spoofing attacks. See How to secure your server / DNS spoofing. This is only an option because some multi-homed DNS servers may not respond from the same IP address that the DNS request was sent to, making it impossible to resolve domains hosted by such a DNS server with this option enabled. This is, however, pretty rare, and we generally recommend enabling this option.
  • Echo the request's question section
    Enabling this option helps protect against DNS spoofing attacks. See How to secure your server / DNS spoofing. This is only an option because older DNS servers/forwarders/devices may not include the question in the response, as this was not originally an RFC requirement. This is, however, pretty rare, and we generally recommend enabling this option.
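The two acceptance checks above, written out as an added example (this is not Simple DNS Plus code; the function names are hypothetical and the addresses and messages are constructed). It also applies the standard transaction ID match, which the options above take for granted.

```python
import ipaddress
import struct

def encode_name(name):
    """Encode a domain name as DNS wire-format labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_message(txid, name, response=False, with_question=True):
    """Build a minimal DNS message: header plus an optional A/IN question."""
    flags = 0x8180 if response else 0x0100
    header = struct.pack("!HHHHHH", txid, flags, int(with_question), 0, 0, 0)
    return header + (encode_name(name) + struct.pack("!HH", 1, 1) if with_question else b"")

def parse_question(msg):
    """Return (name, qtype, qclass) of the first question, or None if absent or malformed."""
    if len(msg) < 12 or struct.unpack("!H", msg[4:6])[0] < 1:
        return None
    labels, pos = [], 12
    while pos < len(msg):
        length = msg[pos]
        pos += 1
        if length == 0:  # root label ends the name; qtype and qclass follow
            if pos + 4 > len(msg):
                return None
            return (".".join(labels),) + struct.unpack("!HH", msg[pos:pos + 4])
        if length > 63 or pos + length > len(msg):  # treat pointers/overruns as malformed
            return None
        labels.append(msg[pos:pos + length].decode("ascii", "replace").lower())
        pos += length
    return None

def accept_response(request, sent_to_ip, response, from_ip):
    """Apply the acceptance checks; return (accepted, reason)."""
    if ipaddress.ip_address(from_ip) != ipaddress.ip_address(sent_to_ip):
        return False, "source address differs from request destination"
    if len(response) < 12 or response[:2] != request[:2]:
        return False, "transaction ID mismatch"
    question = parse_question(response)
    if question is None:
        return False, "question section missing"
    if question != parse_question(request):
        return False, "question section does not match request"
    return True, "ok"

if __name__ == "__main__":
    # Constructed sample: one request, then a matching and an off-path response.
    req = build_message(0x1A2B, "www.example.com")
    rsp = build_message(0x1A2B, "www.example.com", response=True)
    print(accept_response(req, "192.0.2.53", rsp, "192.0.2.53"))
    print(accept_response(req, "192.0.2.53", rsp, "198.51.100.7"))
```

A response from a multi-homed server that answers from a different address, or from an older device that omits the question, is rejected by the first or third check respectively, which is the compatibility trade-off the options describe.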