delegation-only can break .name
Pete Ehlke
pde at ehlke.net
Sat Oct 11 14:19:06 UTC 2003
On Sat, Oct 11, 2003 at 06:45:21AM +0400, Ladislav Vobr wrote:
>
>
> Jeremy_Powell at sbcss.k12.ca.us wrote:
> > Isn't this what the excludes part of the
> > root-delegation-only is meant for. However,
> > I have wondered since the introduction of
> > root-delegation-only why it did not default
> > to none with an include list rather than
> > default to all with an exclude list?
>
> this seems to me to be definitely better approach.
>
BIND defaults to "none" unless you explicitly tell it to enforce
a delegation only policy. You, as the administrator, decide wehter you
want your delegation only policy to default to none with an include list
or all with an exclude list.
If you want 'none with an include list', you use delegation-only.
If you want 'all with an exclude list', you use root-delegation-only.
The ISC gave you a choice of tools. You need to decide which is
appropriate for your site.
-Pete
More information about the bind-users
mailing list