<div dir="ltr"><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Oct 6, 2014 at 1:14 PM, Lightner, Jeff <span dir="ltr"><<a href="mailto:JLightner@dsservices.com" target="_blank">JLightner@dsservices.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">You can and SHOULD turn off recursion from external facing interface as anyone coming to you should only be resolving the domains for which you are authoritative.
You can leave recursion on for the internal facing network but should do that only if your internal folks use your DNS servers to resolve external domains (e.g. <a href="http://google.com" target="_blank">google.com</a>, <a href="http://yahoo.com" target="_blank">yahoo.com</a> etc…).</span></blockquote></div><br>PowerDNS makes this _super_ easy -- <a href="https://www.powerdns.com">https://www.powerdns.com</a><br><br clear="all"><div><br></div>-- <br>James Sumners<br><a href="http://james.roomfullofmirrors.com/">http://james.roomfullofmirrors.com/</a><br><br>"All governments suffer a recurring problem: Power attracts pathological personalities. It is not that power corrupts but that it is magnetic to the corruptible. Such people have a tendency to become drunk on violence, a condition to which they are quickly addicted."<br><br>Missionaria Protectiva, Text QIV (decto)<br>CH:D 59
</div></div>