ref: cf442e829d634703c3a3ec3a81ac9cbc4a7d03ef
parent: 5ff1ad0bee58a56ca06a3cccd4e64c18fe8df068
author: jrmu <jrmu@cloud9p.org>
date: Wed Jul 31 07:02:05 EDT 2024
Add note about caching server and amplification attacks
--- a/ndb.ms
+++ b/ndb.ms
@@ -16,4 +16,8 @@
Note: when you lookup a name using whatever nameserver is defined in /lib/ndb/local, if it's not found, ndb will recursively search the root nameservers to find the entry
Most resolvers will normally give up, but ndb is really persistent.
+To run a caching DNS server, modify /cfg/$sysname/termrc or /cfg/$sysname/cpurc (whichever is appropriate) to include the following:
+ndb/dns -rs
+Be aware that there are no access controls to this caching server. This makes the server vulnerable to being used in a DDoS amplification attack using DNS. You will need to firewall off access.
+