Authoritative Server - Referrals to root
Unlisted
unlisted at gmail.com
Thu Apr 7 02:38:44 UTC 2005
For security reasons we should not be serving authoritative data if the
end user does not want it/approve of it. This above domain was one
example - but it happens quite often on others. A customer's DNS will
expire / be terminated / or whatever else and unless they are current
customers we should not be serving anything for them. Serving
authoritative data for a customer's zone without their permission could
lead to legal problems (sitefinder revisited).
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40329
I'm curious - why would BIND 9 return a NOERROR on a zone that's not in
named.conf? I think the appropriate behaviour would be not to return
the list of ROOT-SERVERS and return a SERVFAIL? Can we turn off
referrals on unknown zones? Maybe just removing the root hints file
does this?
Thanks
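
An added example, not part of the original post and not BIND code: a small checker an operator could run over responses collected from their own authoritative servers to flag the case described above, a NOERROR reply with no answer, AA clear, and only root NS records in the authority section. The names classify, wire and sample are hypothetical, and the sample packets are constructed here rather than captured.

```python
import struct

def read_name(msg, off):
    """Decode a (possibly compressed) RFC 1035 name; return (name, next offset)."""
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                      # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 32:
                raise ValueError("compression loop")
            continue
        off += 1
        if n == 0:
            return ".".join(labels) + ".", (off if end is None else end)
        labels.append(msg[off:off + n].decode("ascii"))
        off += n

def classify(msg):
    """Return 'upward-referral' for NOERROR, AA=0, no answers, NS owned by root."""
    _id, flags, qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    rcode, aa, off = flags & 0xF, bool(flags & 0x0400), 12
    for _ in range(qd):                           # skip question section
        _, off = read_name(msg, off)
        off += 4
    ns_owners = set()
    for i in range(an + ns):                      # answer, then authority
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if i >= an and rtype == 2:                # NS record in authority
            ns_owners.add(owner)
    if rcode == 0 and not aa and an == 0 and ns_owners == {"."}:
        return "upward-referral"
    return {0: "noerror", 2: "servfail", 5: "refused"}.get(rcode, "rcode-%d" % rcode)

def wire(name):
    """Encode a dotted name to wire format ('.' becomes the single root byte)."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".") if l) + b"\0"

def sample(rcode, ns_owner=None):
    """Constructed response to an A query for example.com (not captured traffic)."""
    hosts = ["a.root-servers.net.", "b.root-servers.net."] if ns_owner else []
    auth = b"".join(wire(ns_owner) + struct.pack("!HHIH", 2, 1, 518400, len(wire(h)))
                    + wire(h) for h in hosts)
    hdr = struct.pack("!6H", 40329, 0x8000 | rcode, 1, 0, len(hosts), 0)
    return hdr + wire("example.com.") + struct.pack("!HH", 1, 1) + auth
```

classify(sample(0, ".")) reports the upward referral, while an ordinary delegation such as sample(0, "example.com.") is left as plain noerror.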