FQDNs in masters-list (was: Help: Secondary for...)

Brad Knowles brad.knowles at skynet.be
Mon Mar 12 19:55:21 UTC 2001

At 1:14 PM -0500 3/12/01, Kevin Darcy wrote:

>  Um, yeah, so what? This is the *BIND* list, not namedroppers. It's
>  appropriate to discuss implementation details here. I'd like to see
>  signed-NOTIFY-based slave auto-configuration someday added to BIND, and
>  I'm eliciting comments on whether folks would find this a valuable
>  feature or not. I assume your answer is "no" (?)

	You can't propose protocol changes to solve a problem specific to 
BIND.  Use BIND-specific mechanisms to solve problems specific to 
BIND, and use protocol changes to solve problems in the protocol. 
But never the twain should meet.

>  Well, I don't know about "unsigned content within a zone transfer". If
>  the zone transfer itself is signed, is that not sufficient?

	Not unless you can guarantee that signing the zone transfer 
itself is sufficient to guarantee freedom from replay attacks.  There 
may also be additional reasons, which I have not yet figured out. 
For now, I'm leaning towards the probability that you'd have to sign 
each and every record within the zone, as well as the SOA for the 

Brad Knowles, <brad.knowles at skynet.be>

#!/usr/bin/perl -w
# 531-byte qrpff-fast, Keith Winstein and Marc Horowitz <sipb-iap-dvd at mit.edu>
# MPEG 2 PS VOB file on stdin -> descrambled output on stdout
# arguments: title key bytes in least to most-significant order
# Usage:
# qrpff 153 2 8 105 225 /mnt/dvd/VOB_FILE_NAME | extract_mpeg2 | mpeg2_dec -
$m=(11,10,116,100,11,122,20,100)[$_/16%8])&110;$t^=(72, at z=(64,72,$a^=12*($_%16
-2?0:$m&17)),$b^=$_%64?12:0, at z)[$_%8]}(16..271);if((@a=unx"C*",$_)[20]&48){$h
=5;$_=unxb24,join"", at b=map{xB8,unxb8,chr($_^$a[--$h+84])}@ARGV;s/...$/1$&/;$
(($h>>=8)+=$f+(~$g&$t))for at a[128..$#a]}print+x"C*", at a}';s/x/pack+/g;eval

More information about the bind-users mailing list