BIND 8.x, security, and delegations

Barry Margolin barmar at bbnplanet.com
Tue Jun 15 16:14:40 UTC 1999


In article <376679F5.956D7BB4 at jax.org>, Gregg TeHennepe  <gat at jax.org> wrote:
>Has named lost its mind? Why would the req return differently:
>
>req: found 'www.informatics.jax.org' as 'informatics.jax.org' (cname=0)
>   vs
>req: found 'www.informatics.jax.org' as 'www.informatics.jax.org' (cname=0)
>
>Should I report this behavior to the ISC folks?

I have a guess.

The first query came from an address in your allow-query list.  So the
server performed a recursive query, got the answer, added it to its cache,
and returned it to the client.

The second query came from an address not in the allow-query list.  If the
answer hadn't already been in the cache, it would have returned the NS
delegation records.  But since the answer was in the cache, it fell through
to the code that tries to respond.  It then noticed that this was from an
unauthorized address, so it rejected the query.

-- 
Barry Margolin, barmar at bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.


