[bind10-dev] allow/deny xfr requests by default?
Stephen Morris
stephen at isc.org
Thu Feb 9 11:51:49 UTC 2012
On 09/02/2012 11:16, Shane Kerr wrote:
> Jinmei,
>
> On Wednesday, 2012-02-08 13:57:35 -0800, JINMEI Tatuya / 神明達哉
> <jinmei at isc.org> wrote:
>> Do people have an opinion about whether BIND 10 should allow/deny
>> AXFR/IXFR requests by default? Currently b10-xfrout allows xfr
>> requests by default just like BIND 9 does so.
I would say deny requests by default.
We live in a security-conscious world, so I think that the general
philosophy should be "anything that is not explicitly allowed is
denied" rather than "anything that is not explicitly denied is allowed".
Stephen
More information about the bind10-users
mailing list