Re: bin/58170 (NetBSD10.0 /usr/sbin/bind problem)

[Christos Zoulas <christos%zoulas.com@localhost>]

The following reply was made to PR bin/58170; it has been noted by GNATS.

From: Christos Zoulas <christos%zoulas.com@localhost>
To: Robert Elz <kre%munnari.OZ.AU@localhost>
Cc: gnats-bugs%netbsd.org@localhost,
 Christos Zoulas <christos%netbsd.org@localhost>,
 netbsd-bugs%netbsd.org@localhost,
 toku%tokugawa.org@localhost
Subject: Re: bin/58170 (NetBSD10.0 /usr/sbin/bind problem)
Date: Fri, 19 Apr 2024 11:38:01 -0400

 I guess the best way to find out is to turn on logging and look at the =
 log file :-)
 
 christos
 
 > On Apr 19, 2024, at 9:38=E2=80=AFAM, Robert Elz <kre%munnari.OZ.AU@localhost> =
 wrote:
 >=20
 >    Date:        Fri, 19 Apr 2024 08:33:42 -0400
 >    From:        Christos Zoulas <christos%zoulas.com@localhost>
 >    Message-ID:  <5F2DA85C-AC6A-499C-A1DC-23921081C54B%zoulas.com@localhost>
 >=20
 >  | I think we should, since the querier has no way to know that there
 >  | is an ACL preventing the query so this is not an abuse.
 >=20
 > I don't know what it takes to install the block, but the typical way
 > this would happen is if a client was using the wrong DNS server as its
 > back end.   If that's what is happening (many queries, all being sent
 > to the wrong server) then it may not be abuse, but blocking that =
 client
 > is still a reasonable thing to do.
 >=20
 > If it is just an occasional query (like someone running dig and =
 specifying
 > a particular server) then a block might be an over reaction.
 >=20
 > If the server is supposed to be handling those queries, then its =
 config
 > should be fixed to allow them.
 >=20
 > kre