26 Apr 2005, 10:59 p.m.
On Tue, 26 Apr 2005, Steve Sobol wrote:
Jerry Pasker wrote:
Steve Sobol replied with:
I'm not going to enter into a long discussion with you. :) I'm just curious why you didn't restrict AXFR to certain IPs instead.
And I had router ACLs doing the same thing. Allow to hosts that needed it, deny for everyone else. And I did this to ALL my DNS servers.
What were the router ACLs doing that the DNS server ACLs weren't/couldn't?
This, it seems, was an unfortunate side effect (as I pointed out earlier) of legacy software and legacy config... if I had to guess.