On 3/28/23 11:28 AM, Matus UHLAR - fantomas wrote:
Yes, this is one of the problem "authoritative zones for local use".
Authorizing the /zone/ for local use wasn't the problem. The problem was that the world could get some of that zone's data from the query cache even if they couldn't query the zone directly.
The default root "hint" zone is only available for those who have recursion available.
I feel like the "root hint zone" is considerably different than "root zone" proper. The fact that they have different zone types seems to support that.
;-)I bring this up as this is something that I've stubbed my toe on and I would like it if others can avoid similarly stubbing their toes.
-- Grant. . . . unix || die
Description: S/MIME Cryptographic Signature
-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list firstname.lastname@example.org https://lists.isc.org/mailman/listinfo/bind-users