Vulnerable DNS servers, RFC

JINMEI Tatuya / 神明達哉 jinmei at isl.rdc.toshiba.co.jp
Tue Oct 25 17:51:07 UTC 2005


>>>>> On Tue, 25 Oct 2005 18:37:47 +0200, 
>>>>> Brad Knowles <brad at stop.mail-abuse.org> said:

>> Can't you do this with views?  Could you make one view authoritative-only
>> and another view recursive?  I know that you can give out different
>> authoritative data from different views and I thought that I had read
>> somewhere that views could also differ in whether recursion was allowed
>> or not.

> 	The problem is that views will still use the same shared database.

I may misunderstand the point you're making, but different views have
different cache DBs.

> 	Moreover, you can do views based on the incoming source IP 
> address of the query, but not on the IP address of the interface on 
> which the query is coming in on.  ACLs look at the IP address of the 
> query, not the IP address of the interface.

Again, I may misunderstand the point, but we can select a view per
query's  destination address basis (= "the IP address of the interface
on which the query is coming in on"), using "match-destinations".

					JINMEI, Tatuya
					Communication Platform Lab.
					Corporate R&D Center, Toshiba Corp.
					jinmei at isl.rdc.toshiba.co.jp



More information about the bind-users mailing list