FQDNs in masters-list (was: Help: Secondary for...)

Brad Knowles brad.knowles at skynet.be
Sat Mar 10 03:01:28 UTC 2001

At 4:04 PM -0500 3/9/01, Kevin Darcy wrote:

>  5. Therefore, it can confidently auto-configure itself as a slave 
>for the zone.

	This is out of scope of the DNS protocol.  You're getting into 
named.boot or named.conf file changes that have to be made, and that 
is an implementation detail that is out of scope.

	I'm going to have to think about some of the other possible implications.

>  Again, the ability to sign the NOTIFY adds a level of trust, so that you
>  know this is the *real* master residing on a new address, rather than Joe
>  Random User trying to trick you into accepting their copy of the zone.

	One thing that strikes me is that you have eliminated all forms 
of trust, other than the key.  This means that the secondary MUST NOT 
accept unsigned zone transfers, or unsigned content within a zone 
transfer, because it can't trust that the machine with IP address and key XYZ five minutes ago still has that same IP 

>  P.S. Why are you sending these messages to me personally, as well 
>as to the list?

	By default, group replies go back to the original sender plus the 
original recipients.  If you don't want to receive private copies of 
public messages from me, just let me know and I'll try to make sure 
they don't happen for you again.

Brad Knowles, <brad.knowles at skynet.be>

#!/usr/bin/perl -w
# 531-byte qrpff-fast, Keith Winstein and Marc Horowitz <sipb-iap-dvd at mit.edu>
# MPEG 2 PS VOB file on stdin -> descrambled output on stdout
# arguments: title key bytes in least to most-significant order
# Usage:
# qrpff 153 2 8 105 225 /mnt/dvd/VOB_FILE_NAME | extract_mpeg2 | mpeg2_dec -
$m=(11,10,116,100,11,122,20,100)[$_/16%8])&110;$t^=(72, at z=(64,72,$a^=12*($_%16
-2?0:$m&17)),$b^=$_%64?12:0, at z)[$_%8]}(16..271);if((@a=unx"C*",$_)[20]&48){$h
=5;$_=unxb24,join"", at b=map{xB8,unxb8,chr($_^$a[--$h+84])}@ARGV;s/...$/1$&/;$
(($h>>=8)+=$f+(~$g&$t))for at a[128..$#a]}print+x"C*", at a}';s/x/pack+/g;eval

More information about the bind-users mailing list