Re: [Dnsmasq-discuss] Hiding/obscuring version.bind

2016-09-10 Thread Kevin Darbyshire-Bryant
Hmm. Ideally then with 'NO_ID' we shouldn't forward Chaosnet queries for *.bind. Can we just get away with the equivalent of 'local=/bind/' or is that too broad a brush to apply by default in the code? I can see me digging into how the code for 'local' works in my near future :-) On 09/09/1

Re: [Dnsmasq-discuss] Hiding/obscuring version.bind

2016-09-09 Thread Simon Kelley
Applied. Something to think about: with this in effect, queries to *.bind get treated like all others, i.e. they get forwarded upstream, so the requestor may get an answer from an upstream nameserver. I've added a comment to this effect to the definition of NO_ID. Cheers, Simon. On 07/09/16 11:

Re: [Dnsmasq-discuss] Hiding/obscuring version.bind

2016-09-07 Thread Kevin Darbyshire-Bryant
Attached (in case the git send-email didn't work) Kevin :-) On 06/09/16 21:23, Simon Kelley wrote: a) I tend to agree that it's pointless. b) Not a run-time option, there are too many of those already. c) Maybe the simplest solution is something

Re: [Dnsmasq-discuss] Hiding/obscuring version.bind

2016-09-06 Thread Simon Kelley
a) I tend to agree that it's pointless. b) Not a run-time option, there are too many of those already. c) Maybe the simplest solution is something like a NO_ID compile time option that suppresses the whole .bind domain thing? Certainly happy to take

[Dnsmasq-discuss] Hiding/obscuring version.bind

2016-09-06 Thread Kevin Darbyshire-Bryant
Hi Simon & all, There has been a bit of activity on the security front in LEDE and a recent change proposed removing version numbers from software to avoid it leaking to 'the bad guys'. I'll say upfront that I'm not a fan of this approach, feeling that it's more of the 'security through obscur