ignored glue

James Raftery james-bind-users at domainregistry.ie
Tue Oct 3 23:23:31 UTC 2000


On Tue, Oct 03, 2000 at 02:08:42PM +0000, John F Carr wrote:
> 1. Is this required by the RFCs?  RFC 2181 5.4.1 says that the address
> in this case is in the least trustworthy category of data, but only
> requires that it not be returned as an answer.  There seems to be no
> prohibition on using the address other than as an answer.

Good ideas don't necessarily have to be required by RFCs to be good
ideas :)

> 2. Would there be any security problem if named did forward the request
> to address 1.2.3.4?  If the server were going to lie, it could just as
> easily give a false domain name in the NS record.

As a properly delegated-to nameserver for the zone it is quite entitled
to announce any information from that zone - after all, that's its
function. But when it announces information from another zone it steps
outside its area of responsibility.

> 3. Do other nameservers act the same?  When did this feature
> get added to BIND?

dnscache, from djbdns, does, FWIW.

Regards,

james
-- 
James Raftery (JBR54)  -  Programmer Hostmaster  -  IE TLD Hostmaster
   IE Domain Registry  -  www.domainregistry.ie  -  (+353 1) 706 2375
  "Managing 4000 customer domains with BIND has been a lot like
   herding cats." - Mike Batchelor, on dns at list.cr.yp.to.
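
Added example, not part of the original message and not BIND's or dnscache's code: a simplified bailiwick filter showing how a resolver can accept glue only for names inside the zone the responding server is authoritative for, and ignore address records that belong to another zone. The function names, zone names and sample records are constructed assumptions; the address 1.2.3.4 is reused from the quoted question.

```python
# Added illustration: a simplified bailiwick filter for glue in a referral.
# All names and sample records are constructed; this is not BIND or dnscache code.

def labels(name):
    """Split a domain name into lowercase labels, ignoring the trailing dot."""
    name = name.rstrip(".").lower()
    return name.split(".") if name else []

def in_bailiwick(name, zone):
    """True if `name` is equal to or below `zone` (label-wise suffix match)."""
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[len(n) - len(z):] == z

def filter_glue(server_zone, ns_targets, additional):
    """Split additional-section address records into (accepted, ignored).

    server_zone: zone the responding server was asked as an authority for
    ns_targets:  names from the NS records in the referral
    additional:  list of (owner_name, address) tuples from the additional section
    """
    wanted = {t.rstrip(".").lower() for t in ns_targets}
    accepted, ignored = [], []
    for owner, addr in additional:
        key = owner.rstrip(".").lower()
        if key in wanted and in_bailiwick(owner, server_zone):
            accepted.append((key, addr))
        else:
            ignored.append((key, addr))  # resolve this name independently instead
    return accepted, ignored

# Constructed referral from a server for "example.com." delegating "sub.example.com."
NS_TARGETS = ["ns1.sub.example.com.", "ns.other.example.net."]
ADDITIONAL = [
    ("ns1.sub.example.com.", "192.0.2.10"),  # inside example.com: usable glue
    ("ns.other.example.net.", "1.2.3.4"),    # another zone's data: ignored
    ("www.example.com.", "192.0.2.99"),      # not an NS target: ignored
]

if __name__ == "__main__":
    ok, dropped = filter_glue("example.com.", NS_TARGETS, ADDITIONAL)
    print("accepted:", ok)
    print("ignored: ", dropped)
```

The comparison is done label by label rather than as a plain string suffix, so a name such as notexample.com is not mistaken for something inside example.com.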


