[dns-operations] Concerns regarding the ICANN/IANA DNS vulnerability checker
Matthew Pounsett
matt.pounsett at cira.ca
Wed Aug 20 06:19:02 UTC 2008
On 20-Aug-2008, at 00:36 , Paul Vixie wrote:
>>>> The cache contents are, by default, not returned by later
>>>> version of BIND 9 except to directly connected clients.
>>>
>>> what does "directly connected" mean in this context?
>>
>> Matches the built in acls localnets; or localhost;
>
> so if BIND9 has to go searching around for the A RR for some NS in
> order
> to send a NOTIFY, and then later it has to answer with a referral that
> includes that NS, will it only include the A RR (that it fetched for
> the
> NOTIFY) in the additional data section if the query source matches the
> built-in ACLs localnets or localhost?
This is perhaps getting a bit BIND-specific for dns-ops, but at what
point did the behaviour change? In the 9.3 branch, authority servers
will hand out cached NOTIFY lookups to queriers outside of localnets.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 194 bytes
Desc: This is a digitally signed message part
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20080820/4824099a/attachment.sig>
More information about the dns-operations
mailing list