26 Apr
2005
26 Apr
'05
8:59 p.m.
Jerry Pasker wrote:
Steve Sobol replied with:
I'm not going to enter into a long discussion with you. :)
I'm just curious why you didn't restrict AXFR to certain IPs instead.
And I'm posting back to NANOG:
I did.
And I had router ACLs doing the same thing. Allow to hosts that needed it, deny for everyone else. And I did this to ALL my DNS servers.
What were the router ACLs doing that the DNS server ACLs weren't/couldn't? -- JustThe.net - Apple Valley, CA - http://JustThe.net/ - 888.480.4NET (4638) Steven J. Sobol, Geek In Charge / sjsobol@JustThe.net / PGP: 0xE3AE35ED "The wisdom of a fool won't set you free" --New Order, "Bizarre Love Triangle"