Re: bin/58170 (NetBSD10.0 /usr/sbin/bind problem)

To: Christos Zoulas <christos%zoulas.com@localhost>
Subject: Re: bin/58170 (NetBSD10.0 /usr/sbin/bind problem)
From: Robert Elz <kre%munnari.OZ.AU@localhost>
Date: Fri, 19 Apr 2024 20:38:59 +0700

    Date:        Fri, 19 Apr 2024 08:33:42 -0400
    From:        Christos Zoulas <christos%zoulas.com@localhost>
    Message-ID:  <5F2DA85C-AC6A-499C-A1DC-23921081C54B%zoulas.com@localhost>

  | I think we should, since the querier has no way to know that there
  | is an ACL preventing the query so this is not an abuse.

I don't know what it takes to install the block, but the typical way
this would happen is if a client was using the wrong DNS server as its
back end.   If that's what is happening (many queries, all being sent
to the wrong server) then it may not be abuse, but blocking that client
is still a reasonable thing to do.

If it is just an occasional query (like someone running dig and specifying
a particular server) then a block might be an over reaction.

If the server is supposed to be handling those queries, then its config
should be fixed to allow them.

kre

Follow-Ups:
- Re: bin/58170 (NetBSD10.0 /usr/sbin/bind problem)
  - From: Christos Zoulas

References:
- Re: bin/58170 (NetBSD10.0 /usr/sbin/bind problem)
  - From: Christos Zoulas
- Re: bin/58170 (NetBSD10.0 /usr/sbin/bind problem)
  - From: riastradh

Prev by Date: PR/58170 CVS commit: src/external/mpl/bind/dist/lib/ns
Next by Date: Re: bin/58170 (NetBSD10.0 /usr/sbin/bind problem)
Previous by Thread: Re: bin/58170 (NetBSD10.0 /usr/sbin/bind problem)
Next by Thread: Re: bin/58170 (NetBSD10.0 /usr/sbin/bind problem)
Indexes:

Home | Main Index | Thread Index | Old Index