CH/TXT/VERSION.SERVER queries
Petr Špaček
pspacek at isc.org
Mon Nov 21 17:26:51 UTC 2022
Speaking of default CHAOS zones, I have another idea:
Do we need them after NSID was standardized?
There is a lot of special code just for built-in CH zones, and IIRC we
have had at least one CVE which affected default config only because of
default CH usage.
Anand, what would be missing if special magic for CH is removed and you
are left with standard NSID?
Petr Špaček
On 14. 11. 22 17:39, Ondřej Surý wrote:
> Hi Anand,
>
> correct me if I am wrong, but the VERSION.SERVER doesn't seem to be anywhere
> documented[1], and you are the first one to request it[2].
>
>
> 1. RFC 4892 only talks about ID.SERVER
> 2. Please create a GitLab issue for tracking
>
> Ondrej
> --
> Ondřej Surý (He/Him)
> ondrej at isc.org
>
> My working hours and your working hours may be different. Please do not
> feel obligated to reply outside your normal working hours.
>
>
>
>> On 14. 11. 2022, at 17:33, Anand Buddhdev <anandb at ripe.net> wrote:
>>
>> Hi folks (especially BIND developers),
>>
>> Apologies if this has been discussed and answered before. I just
>> noticed that BIND doesn't respond to CH/TXT/VERSION.SERVER queries. It
>> only responds to ID.SERVER.
>>
>> Other name servers, such as Knot DNS, NSD, Verisign's ATLAS name
>> server, Quad9's and Cloudflare's public resolvers, respond to
>> VERSION.SERVER queries.
>>
>> So what's the reason for BIND not responding to VERSION.SERVER
>> queries? It seems like an anomaly or oversight.
>>
>> Regards,
>> Anand
More information about the bind-users
mailing list