unapproved query from ...

[Mark.Andrews at nominum.com]

> In article <8hhmgr$5vn at ux.cs.niu.edu>,
> Neil W Rickert  <rickert+nn at cs.niu.edu> wrote:
> >I'm running  named 8.2.2-P3 (on mp.cs.niu.edu)
> >
> >I am seeing occasion messages logged, such as
> >
> >Jun  5 20:28:56 mp named[199]: unapproved query from
> >[192.132.210.181].1024 for "www.soci.niu.edu"
> >
> >However, I have explicitly allowed queries for zone niu.edu.
> >
> >The particular request that generated this log message was
> >
> >Jun  5 20:28:56 mp named[199]: XX /192.132.210.181/www.soci.niu.edu/ANY/ANY
> >
> >It appears that requests for class=ANY trigger the "unapproved query"
> >response, even when there is an approved response that could be
> >given.
> 
> Yes, this is a bug that's been around for all of BIND 8.  I'm surprised it
> still hasn't been fixed.
> 

Class any queries are a bad idea, inherently non-recursive.  Any client
expecting to get a answer to a class any query that requires recursion
to succeed is broken.

They are are bad idea for the same reason that qcount != 1 is a bad idea
as the error handling is not well defined.

We do not intend to fix this.

Mark
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at nominum.com