allow-query does not seem to restrict access to version.bind in 9.2.1
Simon at wretched.demon.co.uk
Sat Jun 22 11:58:15 UTC 2002
Jesper Dybdal wrote:
> But in 9.2.1, everybody seems to be able to access my version number.
> So I have two questions:
> * Why is a request for version.bind not blocked?
Thats the way it is coded.
Seems the two default zones have their own routines with no ACLs
applied (authors.bind as well).
> * Is this deliberate?
Unclear - the documentation says that allow-query blocks
ordinary queries, but I've no idea what the definition of an
ordinary query is.
I'm not quite clear why this code appears to be called before
the program drops root privileges, maybe I'm missing a subtlety,
but it doesn't look essential.
More information about the bind-users