Re: The "not long discussion" thread....

• From: Christopher L. Morrow
• Date: Tue Apr 26 23:00:41 2005

On Tue, 26 Apr 2005, Steve Sobol wrote:
> Jerry Pasker wrote:
> > Steve Sobol replied with:
> >> I'm not going to enter into a long discussion with you. :)
> >> I'm just curious why you didn't restrict AXFR to certain IPs instead.
> >
> > And I had router ACLs doing the same thing.  Allow to hosts that needed
> > it, deny for everyone else.  And I did this to ALL my DNS servers.
>
> What were the router ACLs doing that the DNS server ACLs weren't/couldn't?

This, it seems, was an unfortunate side effect (as I pointed out earlier)
of legacy software and legacy config... if I had  to guess.

• References:
  • Problems with NS*.worldnic.com Greg Schwimer
  • Re: Problems with NS*.worldnic.com Randy Bush
  • Re: Problems with NS*.worldnic.com Jerry Pasker
  • The "not long discussion" thread.... Jerry Pasker
  • Re: The "not long discussion" thread.... Steve Sobol

• Prev by Date: FCC Chief Wants 911 Service for Internet Phones
• Next by Date: Schneier: ISPs should bear security burden
• Date Index
• Thread Index
• Author Index
• Historical