underscores and 8.2.2-P5
Mark.Andrews at iengines.com
Mark.Andrews at iengines.com
Sat Dec 4 01:27:40 UTC 1999
> > Another possibility is to perform the ns_nameok() on the query before
> > the query is forwarded, and return REFUSED - or maybe even FORMERR instead.
> > I believe it would require slightly more coding than the 5-liner shown belo
> w
> > but probably
> > not much more... You should be able to do it in ns_req.c just before it cal
> ls
> > ns_forw() - I think.
> >
> > That way any legal answer which reaches the cache is never checked by
> > ns_nameok() again,
> > which presumably will give a performance benefit.
>
> The problem is that the bad data is already in the cache, as auth
> data, or possibly as legal data from a different, previous query...
> Probably the ideal place to do the check is at the tail end of
> db_load(), but it's still a bunch of work. Having written my
> quick-hack patch, I've turned it off in the code we're using, just
> because of performance concerns. (Dang it, they're supposed to
> have valid zone data before they load it!!!)
>
> lamont
>
The *only* way to do this is on a per query basis. The
CNAME by itself is valid. The A record by itself is valid.
Only the lookup of a A/MX using the CNAME's ownername is
invalid. This check cannot be a static check as it is
query type sensitive.
Mark
--
Mark Andrews, Internet Engines Inc. / Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at iengines.com
More information about the bind-workers
mailing list