Date: Mon, 23 Sep 2002 12:50:03 +0900 From: itojun@iijlab.net To: Mark_Andrews@isc.org Cc: JINMEI Tatuya / =?ISO-2022-JP?B?GyRCP0BMQEMjOkgbKEI=?= <jinmei@isl.rdc.toshiba.co.jp>, Juan Francisco Rodriguez Hervella <jrh@it.uc3m.es>, Lista <freebsd-net@FreeBSD.ORG>, "(Lista) bind9-users@isc.org" <bind9-users@isc.org> Subject: Re: RES_INSECURE and CHECK_SRVR_ADDR in resolver functions (IPv6 anycast response problem) Message-ID: <20020923035004.F1D0A4B24@coconut.itojun.org> In-Reply-To: Mark_Andrews's message of Fri, 20 Sep 2002 15:48:53 %2B1000. <200209200548.g8K5mrB5067818@drugs.dv.isc.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> Yes, and I know why the restriction is in RFC 1884 and it > is a reasonable restriction. I don't think so, IP source address is easy to forge and it does not add any meaning protection. DNSSEC is the only way if you want trusted responsees. therefore, i agree with enabling RES_INSECURE1 by default. itojun To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020923035004.F1D0A4B24>