parental-agents clause - IP address only ?
Erich Eckner
bind at eckner.net
Tue Dec 6 06:58:05 UTC 2022
Hi,
On Mon, 5 Dec 2022, Matthijs Mekking wrote:
> 'parental-agents' work the same as 'primaries'. It only supports addresses.
>
> Listing them as domain names would technically be possible to implement, but
> it requires an authoritative server to act as an resolver. Adding resolver
> code to the path of an authoritative server is like crossing the streams. It
> adds security risks that are unnecessary for an authoritative server, so I'd
> rather not add such functionality.
This made me curious: Is there some design rule forbidding bind to use the
system resolver to resolve names it does not know about? I.e. why does it
not query any resolvers in /etc/resolv.conf (probably via some system
interface - sry, I have no idea, how "normal" programs resolve names) if
it encounters an unknown name at a place where only an ip address is
allowed so far?
That being said: I'm not saying, it *should* do so, I'm merely curious,
why it does not. :-)
>
> Best regards,
>
> Matthijs
regards,
Erich
More information about the bind-users
mailing list