check-names vs. acl

Matus UHLAR - fantomas uhlar at fantomas.sk
Fri Feb 26 10:43:48 UTC 2010


> In message <20100225123134.GB2028 at fantomas.sk>, Matus UHLAR - fantomas writes:
> > On 25.02.10 12:01, Matus UHLAR - fantomas wrote:
> > > I see that hosts that are not allowed to recurse are often generating
> > > check-named errors.
> > 
> > check-names it is.
> > 
> > I apparently too often use "named" so I do this king of mistypes.
> > 
> > > I wonder if it wouldn't be better to check ACL's first and check-names just
> > > after it?

On 26.02.10 13:08, Mark Andrews wrote:
> It really depends what's more important for you to see.  Whether
> you got a recursive query that didn't match a acl or a query that
> failed check-names.  Both get REFUSED so the client can't tell the
> difference.

I personally don't care about broken requests from unknown IPs and would
like to log them as unauthorized, not invalid requests.
My question is if this is acceptable and doable.
-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Quantum mechanics: The dreams stuff is made of. 



More information about the bind-users mailing list