[dns-operations] Concerns regarding the ICANN/IANA DNS vulnerability checker
Florian Weimer
fweimer at bfk.de
Tue Aug 19 16:14:56 UTC 2008
* Roy Arends:
> Another reason, and this is not that known, is that the
> authoritative server needs to notify others at times, and needs to
> resolve and cache those addresses, despite its configuration.
Ouch, thanks for sharing this information. With BIND 9, this also
happens for a view which is explicitedly configured as "recursion no".
Is there any particular reason why BIND cannot use the configured
system resolver to locate the server to send notifies to? Can this
behavior be changed through configuration, so that BIND acts as a true
authoritative-only server?
--
Florian Weimer <fweimer at bfk.de>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99
More information about the dns-operations
mailing list