[dns-operations] Concerns regarding the ICANN/IANA DNS vulnerability checker

Florian Weimer fweimer at bfk.de
Tue Aug 19 16:14:56 UTC 2008

* Roy Arends:

> Another reason, and this is not that known, is that the
> authoritative server needs to notify others at times, and needs to
> resolve and cache those addresses, despite its configuration.

Ouch, thanks for sharing this information.  With BIND 9, this also
happens for a view which is explicitedly configured as "recursion no".

Is there any particular reason why BIND cannot use the configured
system resolver to locate the server to send notifies to?  Can this
behavior be changed through configuration, so that BIND acts as a true
authoritative-only server?

Florian Weimer                <fweimer at bfk.de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99

More information about the dns-operations mailing list