Re: Security: Server ns1.mailkast.com (188.8.131.52) is recursive
November 10 2004, 8:37 PM
The security best practices against dns poisoning is to not answer recursive queries for zones that aren't your own. If you only respond for zones you're authoritive for, birthday type attacks aren't possible.
However, doing this can be problematic if you're using your dns server to actually resolve for internal clients to. In that case, you'd have to configure you're internal dns servers to use you're isp's name servers instead of your (external) name server.