NetBSD-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: bin/58170 (NetBSD10.0 /usr/sbin/bind problem)



The following reply was made to PR bin/58170; it has been noted by GNATS.

From: Robert Elz <kre%munnari.OZ.AU@localhost>
To: Christos Zoulas <christos%zoulas.com@localhost>
Cc: gnats-bugs%netbsd.org@localhost, Christos Zoulas <christos%netbsd.org@localhost>,
        netbsd-bugs%netbsd.org@localhost, toku%tokugawa.org@localhost
Subject: Re: bin/58170 (NetBSD10.0 /usr/sbin/bind problem)
Date: Fri, 19 Apr 2024 20:38:59 +0700

     Date:        Fri, 19 Apr 2024 08:33:42 -0400
     From:        Christos Zoulas <christos%zoulas.com@localhost>
     Message-ID:  <5F2DA85C-AC6A-499C-A1DC-23921081C54B%zoulas.com@localhost>
 
   | I think we should, since the querier has no way to know that there
   | is an ACL preventing the query so this is not an abuse.
 
 I don't know what it takes to install the block, but the typical way
 this would happen is if a client was using the wrong DNS server as its
 back end.   If that's what is happening (many queries, all being sent
 to the wrong server) then it may not be abuse, but blocking that client
 is still a reasonable thing to do.
 
 If it is just an occasional query (like someone running dig and specifying
 a particular server) then a block might be an over reaction.
 
 If the server is supposed to be handling those queries, then its config
 should be fixed to allow them.
 
 kre
 


Home | Main Index | Thread Index | Old Index