Speaking of default CHAOS zones, I have another idea:
Do we need them after NSID was standardized?
There is a lot of special code just for built-in CH zones, and IIRC we
have had at least one CVE which affected default config only because of
default CH usage.
Anand, what would be missing if special magic for CH is removed and you
are left with standard NSID?
Petr Špaček
On 14. 11. 22 17:39, Ondřej Surý wrote:
Hi Anand,
correct me if I am wrong, but the VERSION.SERVER doesn't seem to be anywhere
documented[1], and you are the first one to request it[2].
1. RFC 4892 only talks about ID.SERVER
2. Please create a GitLab issue for tracking
Ondrej
--
Ondřej Surý (He/Him)
ond...@isc.org
My working hours and your working hours may be different. Please do not
feel obligated to reply outside your normal working hours.
On 14. 11. 2022, at 17:33, Anand Buddhdev <ana...@ripe.net> wrote:
Hi folks (especially BIND developers),
Apologies if this has been discussed and answered before. I just
noticed that BIND doesn't respond to CH/TXT/VERSION.SERVER queries. It
only responds to ID.SERVER.
Other name servers, such as Knot DNS, NSD, Verisign's ATLAS name
server, Quad9's and Cloudflare's public resolvers, respond to
VERSION.SERVER queries.
So what's the reason for BIND not responding to VERSION.SERVER
queries? It seems like an anomaly or oversight.
Regards,
Anand
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from
this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users