BIND 10 #1994: RFC 5001 (NSID) support, configuration
BIND 10 Development
do-not-reply at isc.org
Tue May 29 03:22:46 UTC 2012
#1994: RFC 5001 (NSID) support, configuration
-------------------------------------+-------------------------------------
Reporter: shane                      | Owner:
Type: enhancement                    | Status: new
Priority: medium                     | Milestone: Next-Sprint-Proposed
Component: Unclassified              | Resolution:
Keywords:                            | Sensitive: 0
Defect Severity: N/A                 | Sub-Project: DNS
Feature Depending on Ticket: NSID    | Estimated Difficulty: 0
Add Hours to Ticket: 0               | Total Hours: 0
Internal?: 0                         |
-------------------------------------+-------------------------------------
Comment (by jinmei):
Considering how we end up adding this to RFC4620:

    This protocol has the potential of revealing information useful to a
    would-be attacker. An implementation of this protocol MUST have a
    default configuration that refuses to answer queries from
    global-scope [3] addresses.

I also suspect Option 3 wouldn't be the best one. And, even ignoring
the "security/privacy" concerns, I'm not convinced option 3 is the
best "default"; in my understanding, NSID isn't a feature for general
use, but is intended to be used for a limited class of educated
operators.
--
Ticket URL: <http://bind10.isc.org/ticket/1994#comment:3>
BIND 10 Development <http://bind10.isc.org>