* Julien Cristau <jcris...@debian.org> [141116 17:45]: > On Sun, Nov 16, 2014 at 17:24:02 +0100, Christian Hofstaedtler wrote: > > pdns-recursor does a check with upstream to see if they think the > > version the user is running has a security issue. (This check is > > done using DNS and a log message is printed if there are known > > issues.) > > > Calling home sounds like a misfeature...
In general I'd agree with you. Users can turn this off by setting security-poll-suffix empty, as pointed out by the upstream docs. I think for PowerDNS the home call is warranted, given that... 1) both pdns-server and -recursor are usually Internet exposed services that regularly see abuse (DDoS reflection, regular DoS, ...) 2) they usually end up being installed and then forgotten until they stop working (then somebody may read a log file) 3) upstream is not some evil enterprise corp, but a pure open source company that really tries to tie in and work with downstreams. Cheers, Christian -- ,''`. Christian Hofstaedtler <z...@debian.org> : :' : Debian Developer `. `' 7D1A CFFA D9E0 806C 9C4C D392 5C13 D6DB 9305 2E03 `-
pgpFnTAYHsfTU.pgp
Description: PGP signature
