Vulnerabilities in bind

Jim Reid jim at mpn.cp.philips.com
Thu Dec 2 19:09:24 UTC 1999


>>>>> "ed" == ed  <edx at intrinsec.com> writes:

    ed> Thanks to the one who told me about RFC 2535. I read (a part)
    ed> of it, but it's still not clear, especially the part: "The NXT
    ed> RR permits authenticated denial of the existence of a name or
    ed> of an RR type for an existing name." What does this mean?

It means that a resource record of type NXT can be used to prove that
some name does not exist in the DNS. NXT records can also be used to
prove that a name does exist in the DNS, but the record type for that
name is not the same as the one that was asked for, i.e. NXT records
can verify answers like "foobar.example.com does not exist at all" or
"there's no XXX record for foobar.example.com". [Replace XXX with the
resource record type of your choice: A, SOA, PTR, etc, etc.]
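
The two kinds of denial described in the reply above, as an added example that is not part of the original post or of BIND. The zone contents, the `NXT_CHAIN` table and the `check_denial` function are constructed for illustration; SIG verification of each NXT record is assumed to have been done already, and wildcards and delegations are ignored.

```python
# Added illustration: NXT-chain logic only. Each NXT record is assumed to have
# passed SIG verification before it reaches this code.

def canon(name):
    """RFC 2535 canonical ordering key: lowercase labels, compared right to left."""
    return [label.encode() for label in reversed(name.lower().rstrip(".").split("."))]

# Constructed sample zone: owner -> (next name in canonical order, types at owner).
NXT_CHAIN = {
    "example.com.":       ("alpha.example.com.", {"SOA", "NS", "SIG", "KEY", "NXT"}),
    "alpha.example.com.": ("mail.example.com.",  {"A", "SIG", "NXT"}),
    "mail.example.com.":  ("www.example.com.",   {"A", "MX", "SIG", "NXT"}),
    "www.example.com.":   ("example.com.",       {"A", "SIG", "NXT"}),  # last NXT wraps to the apex
}

def check_denial(qname, qtype, chain=NXT_CHAIN, zone="example.com."):
    """Return what the NXT chain proves about the query (qname, qtype)."""
    q, z = canon(qname), canon(zone)
    if q[:len(z)] != z:
        return "out of zone"
    for owner, (nxt, types) in chain.items():
        o, n = canon(owner), canon(nxt)
        if q == o:
            # The name exists; the type list says whether the type does.
            if qtype in types:
                return "exists"
            return f"NODATA: {owner} exists but has no {qtype} record"
        # Ordinary gap: owner < qname < next.
        # Wrap-around gap: next is the apex (sorts before owner) and qname sorts after owner.
        if (o < q < n) or (n < o and q > o):
            return f"NXDOMAIN: no name between {owner} and {nxt}"
    return "unproven"

if __name__ == "__main__":
    for query in [("foobar.example.com.", "A"), ("mail.example.com.", "PTR"),
                  ("www.example.com.", "A"), ("zebra.example.com.", "A")]:
        print(query, "->", check_denial(*query))
```
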


More information about the bind-users mailing list