[bind10-dev] bindctl not checking server certificate chain by default
Michal 'vorner' Vaner
michal.vaner at nic.cz
Fri Oct 19 16:28:51 UTC 2012
Hello
On Fri, Oct 19, 2012 at 03:53:53PM +0000, Francis Dupont wrote:
> BTW I object to a "file socket" as the only way because it is not
> available in all systems (e.g., Windows). Of course it can be an
> alternative (the AFTR has it in option and as far as I remember I
> used it only for testing this particular feature :-).
No, I wasn't proposing to have only the file socket support, because we want to
allow remote connections (but I think such case is OK to require some
configuration). But since the only change needed is probably specifying a
different address family and address, it would make sense to use the unix domain
socket as the default unless the user changes it (and of course, fall back to
::1 or something like that on systems which don't support it).
With regards
--
BOFH Excuse #430:
Mouse has out-of-cheese-error
Michal 'vorner' Vaner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <https://lists.isc.org/pipermail/bind10-dev/attachments/20121019/3821736f/attachment.bin>
More information about the bind10-dev
mailing list