Can anyone tell me what the vulnerability in the most recent release of BIND is regarding forwarding and recursive lookups?
We want to implement GSLB (Global Server Load Balancing) on our Netscalers, and the only way I know how to do that is to forward requests for my subdomain from the main DNS server.
The DNS team is saying that it is a major security risk to allow recursion, but my understanding is that BIND 9.5 patched this vulnerability, right? They are saying that if someone tries a recursive lookup, our Netscalers will get DoS'd, and that it wouldn't just send recursive lookups for the subdomain.
I have googled and searched, but I cannot get a clear answer on whether this has been patched or not. We have it set up and running in a lab just fine, so I know it can be done with Unix-based BIND and Netscaler GSLB using recursion.