[prev in list] [next in list] [prev in thread] [next in thread]
List: dns-operations
Subject: [dns-operations] Concerns regarding the ICANN/IANA DNS vulnerability checker
From: matt.pounsett () cira ! ca (Matthew Pounsett)
Date: 2008-08-20 6:19:02
Message-ID: 505168F4-2441-46D8-80B3-3C8450295E79 () cira ! ca
[Download RAW message or body]
On 20-Aug-2008, at 00:36 , Paul Vixie wrote:
>>>> The cache contents are, by default, not returned by later
>>>> version of BIND 9 except to directly connected clients.
>>>
>>> what does "directly connected" mean in this context?
>>
>> Matches the built in acls localnets; or localhost;
>
> so if BIND9 has to go searching around for the A RR for some NS in
> order
> to send a NOTIFY, and then later it has to answer with a referral that
> includes that NS, will it only include the A RR (that it fetched for
> the
> NOTIFY) in the additional data section if the query source matches the
> built-in ACLs localnets or localhost?
This is perhaps getting a bit BIND-specific for dns-ops, but at what
point did the behaviour change? In the 9.3 branch, authority servers
will hand out cached NOTIFY lookups to queriers outside of localnets.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 194 bytes
Desc: This is a digitally signed message part
URL: <http://lists.oarci.net/pipermail/dns-operations/attachments/20080820/4824099a/attachment.bin>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic