unapproved query from ...

Kevin Darcy kcd at daimlerchrysler.com
Wed Jun 7 20:00:15 UTC 2000


Mark.Andrews at nominum.com wrote:

> > In article <8hhmgr$5vn at ux.cs.niu.edu>,
> > Neil W Rickert  <rickert+nn at cs.niu.edu> wrote:
> > >I'm running named 8.2.2-P3 (on mp.cs.niu.edu)
> > >
> > >I am seeing occasional messages logged, such as
> > >
> > >Jun  5 20:28:56 mp named[199]: unapproved query from
> > >[192.132.210.181].1024 for "www.soci.niu.edu"
> > >
> > >However, I have explicitly allowed queries for zone niu.edu.
> > >
> > >The particular request that generated this log message was
> > >
> > >Jun  5 20:28:56 mp named[199]: XX /192.132.210.181/www.soci.niu.edu/ANY/ANY
> > >
> > >It appears that requests for class=ANY trigger the "unapproved query"
> > >response, even when there is an approved response that could be
> > >given.
> >
> > Yes, this is a bug that's been around for all of BIND 8.  I'm surprised it
> > still hasn't been fixed.
> >
>
> Class any queries are a bad idea, inherently non-recursive.  Any client
> expecting to get an answer to a class any query that requires recursion
> to succeed is broken.
>
> They are a bad idea for the same reason that qcount != 1 is a bad idea
> as the error handling is not well defined.
>
> We do not intend to fix this.

The inherent non-recursability of class=ANY queries certainly justifies a refusal
to honor the RD bit of a query, but I don't really see how it justifies a refusal
to answer a query from authoritative data.


- Kevin
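
Added example, not part of the original message and not BIND code: a log-triage script that pairs each "unapproved query" line with the query-log line for the same second, client and name, so that refusals caused by class=ANY can be separated from real allow-query denials. The /client/name/type/class field order, the same-second matching, and every log line other than the two quoted in the thread are assumptions.

```python
import re

# Constructed sample. The first two lines are the ones quoted in the thread
# (the wrapped syslog line rejoined); the rest use documentation addresses.
SAMPLE_LOG = """\
Jun  5 20:28:56 mp named[199]: XX /192.132.210.181/www.soci.niu.edu/ANY/ANY
Jun  5 20:28:56 mp named[199]: unapproved query from [192.132.210.181].1024 for "www.soci.niu.edu"
Jun  5 20:31:02 mp named[199]: XX /192.0.2.7/host.example.com/A/IN
Jun  5 20:31:02 mp named[199]: unapproved query from [192.0.2.7].4021 for "host.example.com"
Jun  5 20:40:10 mp named[199]: unapproved query from [192.0.2.9].1030 for "www.niu.edu"
"""

# Syslog prefix as it appears in the thread: "Jun  5 20:28:56 mp named[199]: "
PREFIX = r'^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\snamed\[\d+\]:\s'
# Query log line, assumed to be /client/name/type/class; the optional "+"
# after XX is an assumption (the thread shows only "XX ").
QUERY_RE = re.compile(
    PREFIX + r'XX\+?\s*/(?P<ip>[^/]+)/(?P<name>[^/]+)/(?P<qtype>[^/]+)/(?P<qclass>\S+)$')
DENY_RE = re.compile(
    PREFIX + r'unapproved query from \[(?P<ip>[^\]]+)\]\.\d+ for "(?P<name>[^"]*)"$')

def classify_denials(log_text):
    """Return (timestamp, client, name, verdict) for each 'unapproved query' line."""
    lines = log_text.splitlines()
    qclass_by_key = {}  # (ts, ip, name) -> query class seen in the query log
    for line in lines:
        q = QUERY_RE.match(line)
        if q:
            qclass_by_key[(q['ts'], q['ip'], q['name'].lower())] = q['qclass'].upper()
    results = []
    for line in lines:
        d = DENY_RE.match(line)
        if not d:
            continue
        qclass = qclass_by_key.get((d['ts'], d['ip'], d['name'].lower()))
        if qclass is None:
            verdict = 'unknown-no-query-log'  # query logging off or line missing
        elif qclass == 'ANY':
            verdict = 'class-any'             # the behaviour discussed in the thread
        else:
            verdict = 'acl-denied'            # ordinary allow-query refusal
        results.append((d['ts'], d['ip'], d['name'], verdict))
    return results

if __name__ == '__main__':
    for row in classify_denials(SAMPLE_LOG):
        print(*row, sep='\t')
```
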




