[prev in list] [next in list] [prev in thread] [next in thread] 

List:       dns-operations
Subject:    [dns-operations] Concerns regarding the ICANN/IANA DNS vulnerability checker
From:       matt.pounsett () cira ! ca (Matthew Pounsett)
Date:       2008-08-20 6:19:02
Message-ID: 505168F4-2441-46D8-80B3-3C8450295E79 () cira ! ca
[Download RAW message or body]


On 20-Aug-2008, at 00:36 , Paul Vixie wrote:

>>>> 	The cache contents are, by default, not returned by later
>>>> 	version of BIND 9 except to directly connected clients.
>>>
>>> what does "directly connected" mean in this context?
>>
>> 	Matches the built in acls localnets; or localhost;
>
> so if BIND9 has to go searching around for the A RR for some NS in  
> order
> to send a NOTIFY, and then later it has to answer with a referral that
> includes that NS, will it only include the A RR (that it fetched for  
> the
> NOTIFY) in the additional data section if the query source matches the
> built-in ACLs localnets or localhost?

This is perhaps getting a bit BIND-specific for dns-ops, but at what  
point did the behaviour change?  In the 9.3 branch, authority servers  
will hand out cached NOTIFY lookups to queriers outside of localnets. 
  
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 194 bytes
Desc: This is a digitally signed message part
URL: <http://lists.oarci.net/pipermail/dns-operations/attachments/20080820/4824099a/attachment.bin>

[prev in list] [next in list] [prev in thread] [next in thread]