Vulnerable DNS servers, RFC
Brad Knowles
brad at stop.mail-abuse.org
Tue Oct 25 16:37:47 UTC 2005
At 4:04 PM +0000 2005-10-25, Thomas Schulz wrote:
> Can't you do this with views? Could you make one view authoritative-only
> and another view recursive? I know that you can give out different
> authoritative data from different views and I thought that I had read
> somewhere that views could also differ in whether recursion was allowed
> or not.
The problem is that views will still use the same shared database.
Moreover, you can do views based on the incoming source IP
address of the query, but not on the IP address of the interface on
which the query is coming in on. ACLs look at the IP address of the
query, not the IP address of the interface.
Views does give you some protection here, but not as much as
running two totally separate instances on the same machine, and
certainly not as much as running two totally separate machines.
--
Brad Knowles, <brad at stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
SAGE member since 1995. See <http://www.sage.org/> for more info.
More information about the bind-users
mailing list