Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 14 Nov 1999 21:27:35 -0500 (EST)
From:      Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
To:        Pierre Beyssac <pb@fasterix.freenix.org>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: patch for bind8 port (was: BIND NXT Bug Vulnerability)
Message-ID:  <199911150227.VAA03816@khavrinen.lcs.mit.edu>
In-Reply-To: <19991112165545.A18571@fasterix.frmug.org>
References:  <Pine.BSF.4.10.9911110751530.25016-100000@shell.entic.net> <45563.942403323@verdi.nethelp.no> <19991112165545.A18571@fasterix.frmug.org>

next in thread | previous in thread | raw e-mail | index | archive | help
<<On Fri, 12 Nov 1999 16:55:45 +0100, Pierre Beyssac <pb@fasterix.freenix.org> said:

> Actually, the zone is not completely rejected: the secondaries
> fetch an up-to-date copy and serve it, but they disable the AA flag
> in the replies. It is much better than not serving the zone at all.

Well, not really, since this means many people can't send mail to
addresses covered by that zone.  (Think sendmail.cf 
`O ResolverOptions=+AAONLY', or MMDF which doesn't even give you an
option.  This bites me periodically when our primary goes lame for
some reason -- it's also our main mail relay, and it runs MMDF.)

-GAWollman

--
Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu  | O Siem / The fires of freedom 
Opinions not those of| Dance in the burning flame
MIT, LCS, CRS, or NSA|                     - Susan Aglukark and Chad Irschick


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199911150227.VAA03816>