Re: bin/58170 (NetBSD10.0 /usr/sbin/bind problem)

To: Robert Elz <kre%munnari.OZ.AU@localhost>
Subject: Re: bin/58170 (NetBSD10.0 /usr/sbin/bind problem)
From: Christos Zoulas <christos%zoulas.com@localhost>
Date: Fri, 19 Apr 2024 11:38:01 -0400

I guess the best way to find out is to turn on logging and look at the log file :-)

christos

> On Apr 19, 2024, at 9:38 AM, Robert Elz <kre%munnari.OZ.AU@localhost> wrote:
> 
>    Date:        Fri, 19 Apr 2024 08:33:42 -0400
>    From:        Christos Zoulas <christos%zoulas.com@localhost>
>    Message-ID:  <5F2DA85C-AC6A-499C-A1DC-23921081C54B%zoulas.com@localhost>
> 
>  | I think we should, since the querier has no way to know that there
>  | is an ACL preventing the query so this is not an abuse.
> 
> I don't know what it takes to install the block, but the typical way
> this would happen is if a client was using the wrong DNS server as its
> back end.   If that's what is happening (many queries, all being sent
> to the wrong server) then it may not be abuse, but blocking that client
> is still a reasonable thing to do.
> 
> If it is just an occasional query (like someone running dig and specifying
> a particular server) then a block might be an over reaction.
> 
> If the server is supposed to be handling those queries, then its config
> should be fixed to allow them.
> 
> kre

References:
- Re: bin/58170 (NetBSD10.0 /usr/sbin/bind problem)
  - From: Christos Zoulas
- Re: bin/58170 (NetBSD10.0 /usr/sbin/bind problem)
  - From: riastradh
- Re: bin/58170 (NetBSD10.0 /usr/sbin/bind problem)
  - From: Robert Elz

Prev by Date: Re: bin/58170 (NetBSD10.0 /usr/sbin/bind problem)
Next by Date: Re: bin/58170 (NetBSD10.0 /usr/sbin/bind problem)
Previous by Thread: Re: bin/58170 (NetBSD10.0 /usr/sbin/bind problem)
Next by Thread: Re: bin/58170 (NetBSD10.0 /usr/sbin/bind problem)
Indexes:

Home | Main Index | Thread Index | Old Index