Date: Sun, 14 Nov 1999 21:27:35 -0500 (EST) From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu> To: Pierre Beyssac <pb@fasterix.freenix.org> Cc: freebsd-security@FreeBSD.ORG Subject: Re: patch for bind8 port (was: BIND NXT Bug Vulnerability) Message-ID: <199911150227.VAA03816@khavrinen.lcs.mit.edu> In-Reply-To: <19991112165545.A18571@fasterix.frmug.org> References: <Pine.BSF.4.10.9911110751530.25016-100000@shell.entic.net> <45563.942403323@verdi.nethelp.no> <19991112165545.A18571@fasterix.frmug.org>
next in thread | previous in thread | raw e-mail | index | archive | help
<<On Fri, 12 Nov 1999 16:55:45 +0100, Pierre Beyssac <pb@fasterix.freenix.org> said: > Actually, the zone is not completely rejected: the secondaries > fetch an up-to-date copy and serve it, but they disable the AA flag > in the replies. It is much better than not serving the zone at all. Well, not really, since this means many people can't send mail to addresses covered by that zone. (Think sendmail.cf `O ResolverOptions=+AAONLY', or MMDF which doesn't even give you an option. This bites me periodically when our primary goes lame for some reason -- it's also our main mail relay, and it runs MMDF.) -GAWollman -- Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same wollman@lcs.mit.edu | O Siem / The fires of freedom Opinions not those of| Dance in the burning flame MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199911150227.VAA03816>