On 21/11/2022 17:26, Petr Špaček wrote:
> Speaking of default CHAOS zones, I have another idea:
>
> Do we need them after NSID was standardized?

Yes.

> There is a lot of special code just for built-in CH zones, and IIRC
> we have had at least one CVE which affected default config only
> because of default CH usage.
>
> Anand, what would be missing if special magic for CH is removed and
> you are left with standard NSID?

We'd need to retool every system that relies on hostname.bind queries
working on the root system, for a start.  RIPE Atlas probes use these
queries, and there are several systems (our own included) that work off
this data.

For other researchers, automated queries for hostname.bind (or
hostname.server) are trivially excluded from analysis of query data
based on the QNAME, whereas any query might include an NSID option.

Also, *.server CH TXT is actually in an RFC (4892). Nothing has
obsoleted that, and I'd object loudly if anyone tried ;-)

Ray
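
The QNAME-versus-NSID point in the message above, as an added example that is not part of the original e-mail or of BIND: it parses DNS queries off the wire, flags CH TXT identity probes from the question alone, and shows that NSID (EDNS option code 3) can ride on any ordinary query. The function names, the `IDENTITY_TLDS` set and the sample queries are assumptions constructed for illustration.

```python
import struct

CLASS_IN, CLASS_CH, TYPE_A, TYPE_TXT, TYPE_OPT, OPT_NSID = 1, 3, 1, 16, 41, 3
IDENTITY_TLDS = {"bind", "server"}  # assumption: covers hostname.bind and *.server

def build_query(qname, qtype, qclass, nsid=False):  # builds constructed sample input
    name = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\x00"
    msg = struct.pack("!HHHHHH", 0x1234, 0, 1, 0, 0, int(nsid)) + name
    msg += struct.pack("!HH", qtype, qclass)
    if nsid:  # OPT RR: root name, type 41, UDP size, TTL, RDLEN, then an empty NSID option
        msg += b"\x00" + struct.pack("!HHIHHH", TYPE_OPT, 1232, 0, 4, OPT_NSID, 0)
    return msg

def read_name(msg, pos):  # uncompressed name -> (lowercased labels, next offset)
    labels = []
    while msg[pos]:
        n = msg[pos]
        if n & 0xC0:
            raise ValueError("compression pointer not expected in a query")
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii").lower())
        pos += 1 + n
    return labels, pos + 1

def classify(msg):
    """Report whether a query is a CH TXT identity probe and whether it asks for NSID."""
    # Assumes one question and empty answer/authority sections, as in a normal query.
    ar = struct.unpack_from("!H", msg, 10)[0]
    labels, pos = read_name(msg, 12)
    qtype, qclass = struct.unpack_from("!HH", msg, pos)
    pos += 4
    probe = (qclass == CLASS_CH and qtype == TYPE_TXT
             and bool(labels) and labels[-1] in IDENTITY_TLDS)
    nsid = False
    for _ in range(ar):  # walk the additional section looking for OPT
        _, pos = read_name(msg, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, pos)
        pos, end = pos + 10, pos + 10 + rdlen
        while rtype == TYPE_OPT and pos + 4 <= end:
            code, olen = struct.unpack_from("!HH", msg, pos)
            nsid, pos = nsid or code == OPT_NSID, pos + 4 + olen
        pos = end
    return {"qname": ".".join(labels), "identity_probe": probe, "nsid": nsid}

SAMPLES = [  # constructed queries, not captured traffic
    build_query("hostname.bind", TYPE_TXT, CLASS_CH),
    build_query("www.example.com", TYPE_A, CLASS_IN, nsid=True),
    build_query("www.example.com", TYPE_A, CLASS_IN),
]

def ordinary_traffic(msgs):  # identity probes drop out by question alone
    return [c for c in map(classify, msgs) if not c["identity_probe"]]
```

The NSID-bearing query stays in the result because nothing in its question distinguishes it from the plain one; separating it would mean inspecting the OPT record of every query.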