[dns-operations] Robert Graham - A Quick Review of the BIND9 Code.
Roland Dobbins
rdobbins at arbor.net
Thu Jul 30 17:50:26 UTC 2015
On 31 Jul 2015, at 0:35, Jonathan Stewart wrote:
> Roland, why did you post this?
Because I thought this community would be interested in knowing what a
fairly prominent security researcher was saying about BIND9. You'd
rather not know?
The recommendation to use hidden masters is sound; and while I disagree
with his terminology, the point about non-query-serving operations
taking place via separate interfaces, shielded when appropriate from
general access via ACLs (not firewalls), is also sound. These things
have nothing to do with software bugs, they're BCPs
<https://app.box.com/s/72bccbac1636714eb611>.
I'm not competent to address (pardon the pun) the coding comments, but
Paul and others here are.
-----------------------------------
Roland Dobbins <rdobbins at arbor.net>
More information about the dns-operations
mailing list