On Feb 21, 2007, at 9:20 AM, Evan Hunt wrote:


I am not sure that there is a difference. For me, "default" is "the behaviour you get when you do the absolute minimum of work", which is, for most Unix, typing "aptitude install bind" or "emerge bind" or "pkg_add bind".

For some sysadmins, that's the absolute minimum of work. For others, the absolute minimum is to take their existing named.conf and zone files from a running server and drop them onto a new system with no modification. If you've changed the _intrinsic_ default behavior, then their nameserver won't work anymore; they'll have to edit their files to add new directives to bring the original behavior back. This will make them grumpy.

But if whoever does the packaging provides a default config file (or a suite of them to choose from, perhaps), without altering the intrinsic behavior of named, that satisfies both kinds of sysadmin.

By defining something like:
 allow-private-only-from {...}

could then be used to set up a filter with undefined name servers.

The "new" default config file could then include this statement without any name servers listed. This would not "break" systems upgraded that use prior configuration files, but new installations might need to comment out this configuration or fill in the permitted servers.

-Doug


_______________________________________________
DNSOP mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dnsop
