about the additional section
Florian Weimer
fweimer at bfk.de
Fri Sep 2 07:43:56 UTC 2011
* 风河:
> i just want to make sure about it, and will the client resolver use the
> additional records directly?
It is somewhat difficult to make correct use of the additional section.
For example, Exim tried to do it, but they had to remove the code
because it caused spurious mail delivery failures. Nowadays, Exim just
sends explicit DNS queries for everything it needs, and no one has
complained about that.
Even if you manage that, there are other resolvers out there which do
not scrub the additional section (unlike BIND 9), so if you use that
data, you end up with a DNS poisoning vulnerability.
--
Florian Weimer <fweimer at bfk.de>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99
More information about the bind-users
mailing list