[dns-operations] Robert Graham - A Quick Review of the BIND9 Code.

Roland Dobbins rdobbins at arbor.net
Thu Jul 30 17:50:26 UTC 2015

On 31 Jul 2015, at 0:35, Jonathan Stewart wrote:

> Roland, why did you post this?

Because I thought this community would be interested in knowing what a 
fairly prominent security researcher was saying about BIND9.  You'd 
rather not know?

The recommendation to use hidden masters is sound; and while I disagree 
with his terminology, the point about non-query-serving operations 
taking place via separate interfaces, shielded when appropriate from 
general access via ACLs (not firewalls), is also sound.  These things 
have nothing to do with software bugs, they're BCPs 

I'm not competent to address (pardon the pun) the coding comments, but 
Paul and others here are.

Roland Dobbins <rdobbins at arbor.net>

More information about the dns-operations mailing list