North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: The "not long discussion" thread....
On Tue, 26 Apr 2005, Steve Sobol wrote: > Jerry Pasker wrote: > > Steve Sobol replied with: > >> I'm not going to enter into a long discussion with you. :) > >> I'm just curious why you didn't restrict AXFR to certain IPs instead. > > > > And I had router ACLs doing the same thing. Allow to hosts that needed > > it, deny for everyone else. And I did this to ALL my DNS servers. > > What were the router ACLs doing that the DNS server ACLs weren't/couldn't? This, it seems, was an unfortunate side effect (as I pointed out earlier) of legacy software and legacy config... if I had to guess.
|