NetBSD-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: bin/58170 (NetBSD10.0 /usr/sbin/bind problem)
The following reply was made to PR bin/58170; it has been noted by GNATS.
From: Robert Elz <kre%munnari.OZ.AU@localhost>
To: Christos Zoulas <christos%zoulas.com@localhost>
Cc: gnats-bugs%netbsd.org@localhost, Christos Zoulas <christos%netbsd.org@localhost>,
netbsd-bugs%netbsd.org@localhost, toku%tokugawa.org@localhost
Subject: Re: bin/58170 (NetBSD10.0 /usr/sbin/bind problem)
Date: Fri, 19 Apr 2024 20:38:59 +0700
Date: Fri, 19 Apr 2024 08:33:42 -0400
From: Christos Zoulas <christos%zoulas.com@localhost>
Message-ID: <5F2DA85C-AC6A-499C-A1DC-23921081C54B%zoulas.com@localhost>
| I think we should, since the querier has no way to know that there
| is an ACL preventing the query so this is not an abuse.
I don't know what it takes to install the block, but the typical way
this would happen is if a client was using the wrong DNS server as its
back end. If that's what is happening (many queries, all being sent
to the wrong server) then it may not be abuse, but blocking that client
is still a reasonable thing to do.
If it is just an occasional query (like someone running dig and specifying
a particular server) then a block might be an over reaction.
If the server is supposed to be handling those queries, then its config
should be fixed to allow them.
kre
Home |
Main Index |
Thread Index |
Old Index