[bind10-dev] allow/deny xfr requests by default?

Stephen Morris stephen at isc.org
Thu Feb 9 11:51:49 UTC 2012


On 09/02/2012 11:16, Shane Kerr wrote:
> Jinmei,
> 
> On Wednesday, 2012-02-08 13:57:35 -0800, JINMEI Tatuya / 神明達哉 
> <jinmei at isc.org> wrote:
>> Do people have an opinion about whether BIND 10 should allow/deny
>> AXFR/IXFR requests by default?  Currently b10-xfrout allows xfr
>> requests by default just like BIND 9 does so.

I would say deny requests by default.

We live in a security-conscious world, so I think that the general
philosophy should be "anything that is not explicitly allowed is
denied" rather than "anything that is not explicitly denied is allowed".

Stephen



More information about the bind10-users mailing list