Re: The "not long discussion" thread....

About Merit

Services

Network

Resources & Support

Network Research

News

Events

Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Re: The "not long discussion" thread....

From: Christopher L. Morrow
Date: Tue Apr 26 23:00:41 2005

On Tue, 26 Apr 2005, Steve Sobol wrote:
> Jerry Pasker wrote:
> > Steve Sobol replied with:
> >> I'm not going to enter into a long discussion with you. :)
> >> I'm just curious why you didn't restrict AXFR to certain IPs instead.
> >
> > And I had router ACLs doing the same thing.  Allow to hosts that needed
> > it, deny for everyone else.  And I did this to ALL my DNS servers.
>
> What were the router ACLs doing that the DNS server ACLs weren't/couldn't?

This, it seems, was an unfortunate side effect (as I pointed out earlier)
of legacy software and legacy config... if I had  to guess.

References:
- Problems with NS*.worldnic.com Greg Schwimer
- Re: Problems with NS*.worldnic.com Randy Bush
- Re: Problems with NS*.worldnic.com Jerry Pasker
- The "not long discussion" thread.... Jerry Pasker
- Re: The "not long discussion" thread.... Steve Sobol

Prev by Date: FCC Chief Wants 911 Service for Internet Phones
Next by Date: Schneier: ISPs should bear security burden
Date Index
Thread Index
Author Index
Historical