please review Bv9ARM-book changes for integrating AusCERT AL-1999.004
Jeremy C. Reed
reed at reedmedia.net
Mon May 7 19:44:25 UTC 2007
Thank you for your reply. I am only commenting on one small part of it...
> > A "primary zone" is a zone for which a server has the
> > DNS master file described in RFC1035 and the server is
> > one of the name servers that has been delegated the domain.
> "Primary" is now obsolete terminology. This should be "authoritative".
> Also, whether the name server has been delegated or not is irrelevant.
> The main issue is whether the server itself thinks it has a copy of
> the zone file. Many servers are authoritative for some zones and
> also provide recursive service, some servers are auth-only and others
> are recursive-only.
> By splitting off the various variants of how people might use
> authoritative servers into separate largely redundant sections,
> the main issues are obscured.
> The example for the authoritative case also misses the point of the
> "bogon" list in the first example. The bogon list applies equally
> well to all servers on a public network, perhaps with exceptions for
> blackholing private RFC1918 networks if the server is accessible both
> from the Internet and private networks using RFC1918 addresses.
> > 9.2.3 (3) Queries for Names in Official Secondary Zones
> "Secondary" is not only old terminology but the distinction
> primary/secondary is irrelevant, see "authoritative" above.
The "primary" and "secondary" (and "master" and "slave") terminology is
already used in the Bv9ARM document maintained by ISC and included with
BIND source. I didn't mean to add new terminology to the book.
Anyone else have thoughts on this?
Maybe someone can provide a diff for the bind9/doc/arm/Bv9ARM-book.xml
to mention that the terminology is obsolete and then use the correct terms
Jeremy C. Reed
More information about the bind-workers