[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: axfr-clarify supporting unauthorized users

To: "D. J. Bernstein" <djb@cr.yp.to>
Subject: Re: axfr-clarify supporting unauthorized users
From: Mark.Andrews@isc.org
Date: Mon, 02 Dec 2002 14:58:21 +1100
Cc: namedroppers@ops.ietf.org
In-reply-to: Your message of "30 Nov 2002 18:48:03 -0000." <20021130184803.83758.qmail@cr.yp.to>

> Mark.Andrews@isc.org writes:
> > "Does your server meet RFC 1034 and return REFUSED under these conditions?"
> 
> It is entirely up to the primary to decide who the secondaries are. RFC
> 1034 imposes no constraints on this decision. A non-secondary asking for
> AXFR is violating the protocol (specifically, the text that you quoted),
> and has no right to a response.

	Dan I asked you a reasonable question with reasonable pre-conditions.
	This does not answer that question.
 
> > I suspect that the DNS admistators of most ISP curse your stupid decision
> > when trying to setup secondary service for one of their customers who
> > is using your servers but forgot to adjust the access controls.
> 
> Funny how nobody has ever complained about that.

	Whether they have complained to you or not is irrelevent.
 
> Maybe this is because step 3 of my upgrade-from-BIND instructions tells
> people to authorize zone transfers from their third-party servers. Or
> maybe it's because nobody actually gives a damn whether the AXFR client
> prints useless error message #1 or useless error message #2---all the
> useful information is on the server side.

	Well if people didn't give a damn we wouldn't be having this
	discussion.

> Next, I suppose, you're going to demand that everybody have BIND-style
> promiscuous defaults, so that users who ``forgot to adjust the access
> controls'' don't have to be bothered fixing their configurations.

	Irrelevent.
 
> ---D. J. Bernstein, Associate Professor, Department of Mathematics,
> Statistics, and Computer Science, University of Illinois at Chicago
> 
> 
> 
> --
> to unsubscribe send a message to namedroppers-request@ops.ietf.org with
> the word 'unsubscribe' in a single line as the message text body.
> archive: <http://ops.ietf.org/lists/namedroppers/>
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews@isc.org

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

Follow-Ups:
- Re: axfr-clarify supporting unauthorized users
  - From: "D. J. Bernstein" <djb@cr.yp.to>

References:
- Re: axfr-clarify supporting unauthorized users
  - From: "D. J. Bernstein" <djb@cr.yp.to>

Prev by Date: Re: axfr-clarify supporting unauthorized users
Next by Date: TM/UCC distractions [Was Re: in support of axfr-clarify]
Previous by thread: Re: axfr-clarify supporting unauthorized users
Next by thread: Re: axfr-clarify supporting unauthorized users
Index(es):
- Date
- Thread