Verisign fix
Dave Lugo
dlugo at etherboy.com
Wed Sep 17 21:33:36 UTC 2003
Paul Vixie wrote:
>>... We are screwed because we no longer cache data for .com, etc
>>requiring recursive lookups for everything. Am I misunderstanding how
>>this will work?
>
>
> yes, you are. use of the delegation-only feature does not prevent caching.
>
Uhh... this seems a bit odd - I can no longer query for NS records from
the root:
dlugo at spot> dig ns stk.com
; <<>> DiG 9.2.2rc1 <<>> ns stk.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 21648
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;stk.com. IN NS
;; Query time: 274 msec
;; SERVER: 192.168.7.1#53(192.168.7.1)
;; WHEN: Wed Sep 17 17:31:36 2003
;; MSG SIZE rcvd: 25
Sep 17 17:31:36 spot named[4086]: enforced delegation-only for 'com'
(stk.com)
Does this mean that the patch will break the 'doc' utility, and any
other similar queries such as the one above?
--
--------------------------------------------------------
Dave Lugo dlugo at etherboy.com LC Unit #260 TINLC
Have you hugged your firewall today? No spam, thanks.
--------------------------------------------------------
Are you the police? . . . . No ma'am, we're sysadmins.
More information about the bind-users
mailing list