I'm wondering if disabling recursion on a public-facing dns server which accepts forwarded resolution requests from private network servers is truly a feasible way of mitigating the risk of DDOS attacks. I have heard this solution proprosed as a security measure but I was under the impression that disabling recursion meant that the server would be only able to function as a caching-only dns server.
Let's figure this out folks.
- JB