|Main Archive Page > Month Archives > full-disclosure-uk archives|
> As a workaround, it is recommended to set DNS servers to forward only.
> Can someone explain why that helps?
It helps if the network between recursor and forwarder is trusted. If it's not, the attacker must still obtain the IP addresses involved and the forwarder source port, which doesn't immediately leak to the attacker. So automated attacks are somewhat less likely.