underscores and 8.2.2-P5

LaMont Jones lamont at security.hp.com
Fri Dec 3 14:14:16 UTC 1999


> Another possibility is to perform the ns_nameok() on the query before
> the query is forwarded, and return REFUSED - or maybe even FORMERR instead.
> I believe it would require slightly more coding than the 5-liner shown below 
> but probably
> not much more... You should be able to do it in ns_req.c just before it calls
> ns_forw() - I think.
> 
> That way any legal answer which reaches the cache is never checked by
> ns_nameok() again,
> which presumably will give a performance benefit.

The problem is that the bad data is already in the cache, as auth
data, or possibly as legal data from a different, previous query...
Probably the ideal place to do the check is at the tail end of
db_load(), but it's still a bunch of work.  Having written my
quick-hack patch, I've turned it off in the code we're using, just
because of performance concerns.  (Dang it, they're supposed to
have valid zone data before they load it!!!)

lamont


More information about the bind-workers mailing list