DNS/キャッシュ毒盛/内部サーバの攻撃について、ここに記述してください。

外部からの再帰検索を許していないというのは安心する理由になりません。

Kaminsky が 2008年のBlackhat講演で示したスライドより

Out Of Bailiwick Referrals, or How To Attack Name Servers Behind Firewalls
DNS doesn’t stop working when you get a referral into another bailiwick
– If foo.com says “Ask that guy over there, here’s his address”,
and that guy is bar.com, the name server goes back to the root and asks: “Heh, where’s bar.com?”

This means any lookup can spawn any other arbitrary lookup, on demand
– 1. Force a lookup to 1.badguy.com
– 2. Reply with a referral (NS or CNAME) to 1.foo.com
• This immediately causes a request to be sent to the foo.com name server
– 3. Follow the reply with an immediate stream of fake replies from the foo.com name server

There are many many ways to do #1