[bind10-dev] ddns
JINMEI Tatuya / 神明達哉
jinmei at isc.org
Tue Nov 29 17:10:54 UTC 2011
At Tue, 29 Nov 2011 07:56:38 +0100,
Peter Koch <pk at DENIC.DE> wrote:
> > For example, if you want to know whether a particular server has
> > authority for a particular zone, you can simply send an SOA query for
> > that zone name to that server. I believe other information that could
> > be "leaked" via prerequisite failures can also be retrieved via simple
> > normal queries.
>
> if ACLs are checked only after the processing (as opposed to where normal
> queries are door bounced), the leak may well happen.
Ah, that's true, but that can be an issue only when normal queries to
an authoritative zones are restricted by ACL, which I supposed is
sufficiently rare in this context.
---
JINMEI, Tatuya
Internet Systems Consortium, Inc.
More information about the bind10-dev
mailing list