underscores and 8.2.2-P5

Mark.Andrews at iengines.com Mark.Andrews at iengines.com
Sat Dec 4 01:27:40 UTC 1999

> > Another possibility is to perform the ns_nameok() on the query before
> > the query is forwarded, and return REFUSED - or maybe even FORMERR instead.
> > I believe it would require slightly more coding than the 5-liner shown belo
> w 
> > but probably
> > not much more... You should be able to do it in ns_req.c just before it cal
> ls
> > ns_forw() - I think.
> > 
> > That way any legal answer which reaches the cache is never checked by
> > ns_nameok() again,
> > which presumably will give a performance benefit.
> The problem is that the bad data is already in the cache, as auth
> data, or possibly as legal data from a different, previous query...
> Probably the ideal place to do the check is at the tail end of
> db_load(), but it's still a bunch of work.  Having written my
> quick-hack patch, I've turned it off in the code we're using, just
> because of performance concerns.  (Dang it, they're supposed to
> have valid zone data before they load it!!!)
> lamont

	The *only* way to do this is on a per query basis.  The
	CNAME by itself is valid.  The A record by itself is valid.
	Only the lookup of a A/MX using the CNAME's ownername is
	invalid.  This check cannot be a static check as it is
	query type sensitive.

Mark Andrews, Internet Engines Inc. / Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at iengines.com

More information about the bind-workers mailing list