Re: Multiple instances of BIND at startup



On Thu, May 22, 2008 at 08:13:03AM -0400, Steve Bertrand wrote:

The "match-destination" inspects the DNS address used by the client to
query to determine which view to use. Would this suit your purpose?

Well, yes, it would suit the purpose, but my fear was exactly that of
what Matthew states below about 'leaking'.

I believe that the problem is this: even if configured to be an
authoritative server, BIND will respond to a query about zones
outside what it has authoritative data for with data from its cache
if that data is present. As there is only one cache per instance of
BIND, enabling any sort of recursive capability on a server that is
otherwise meant to be entirely authoritative can lead to data leaking
between the authoritative and recursive parts. This opens up the
possibility of tricking a server into caching false data and responding
with it as if it was authoritative.

If this were true, the "view" feature would be broken. I've just tried
this with a client-based ACL, and there doesn't appear to be any
cache-leaking across views. Any counter-examples would be welcome.

Cheers.
--
Jonathan Chen <jonc@xxxxxxxxxxx>
----------------------------------------------------------------------
Experience is a hard teacher
because she gives the test first, the lesson afterwards
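
The single-instance layout discussed in this thread, as an added named.conf sketch that is not part of the original message: one view selected by "match-destinations" serves authoritative data only, and a second view recurses for internal clients. All addresses, the ACL name, the zone name and the file paths are constructed placeholders.

```conf
// Constructed example: addresses, names and paths are placeholders.
acl "internal-clients" { 127.0.0.1; 10.0.0.0/8; };

options {
    directory "/etc/namedb";
    // named must listen on both addresses so that match-destinations
    // can tell the two services apart.
    listen-on { 192.0.2.53; 10.0.0.53; };
};

// Queries addressed to the public IP: authoritative answers only.
view "authoritative" {
    match-destinations { 192.0.2.53; };
    recursion no;                    // never resolve on behalf of these clients
    allow-query-cache { none; };     // never answer them from cached data

    zone "example.org" {
        type master;
        file "master/example.org.db";
    };
};

// Queries addressed to the internal IP: recursive resolver.
// When match-clients and match-destinations are both given, both must match,
// so an outside client querying 10.0.0.53 falls through to no view.
view "resolver" {
    match-destinations { 10.0.0.53; };
    match-clients { "internal-clients"; };
    recursion yes;
    allow-recursion { "internal-clients"; };

    // BIND 9 keeps a separate cache per view by default, so data cached
    // here is not used when answering in the "authoritative" view.
    zone "." {
        type hint;
        file "named.root";
    };
};
```

Validate the file with named-checkconf before reloading. To check the separation, query an outside name through the resolver address first, then ask the authoritative address for the same name with dig +norecurse and confirm that no cached answer comes back.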