allow-query does not seem to restrict access to version.bind in 9.2.1

Simon Waters Simon at wretched.demon.co.uk
Sat Jun 22 11:58:15 UTC 2002


Jesper Dybdal wrote:
> 
> But in 9.2.1, everybody seems to be able to access my version number.
> 
> So I have two questions:
> * Why is a request for version.bind not blocked?

Thats the way it is coded. 

Seems the two default zones have their own routines with no ACLs
applied (authors.bind as well). 

> * Is this deliberate?

Unclear - the documentation says that allow-query blocks
ordinary queries, but I've no idea what the definition of an
ordinary query is.

I'm not quite clear why this code appears to be called before
the program drops root privileges, maybe I'm missing a subtlety,
but it doesn't look essential.


More information about the bind-users mailing list