[dns-operations] Concerns regarding the ICANN/IANA DNS vulnerability checker
matt.pounsett at cira.ca
Wed Aug 20 06:19:02 UTC 2008
On 20-Aug-2008, at 00:36 , Paul Vixie wrote:
>>>> The cache contents are, by default, not returned by later
>>>> version of BIND 9 except to directly connected clients.
>>> what does "directly connected" mean in this context?
>> Matches the built in acls localnets; or localhost;
> so if BIND9 has to go searching around for the A RR for some NS in
> to send a NOTIFY, and then later it has to answer with a referral that
> includes that NS, will it only include the A RR (that it fetched for
> NOTIFY) in the additional data section if the query source matches the
> built-in ACLs localnets or localhost?
This is perhaps getting a bit BIND-specific for dns-ops, but at what
point did the behaviour change? In the 9.3 branch, authority servers
will hand out cached NOTIFY lookups to queriers outside of localnets.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 194 bytes
Desc: This is a digitally signed message part
More information about the dns-operations