* 风河: > i just want to make sure about it, and will the client resolver use the > additional records directly?
It is somewhat difficult to make correct use of the additional section. For example, Exim tried to do it, but they had to remove the code because it caused spurious mail delivery failures. Nowadays, Exim just sends explicit DNS queries for everything it needs, and no one has complained about that. Even if you manage that, there are other resolvers out there which do not scrub the additional section (unlike BIND 9), so if you use that data, you end up with a DNS poisoning vulnerability. -- Florian Weimer <fwei...@bfk.de> BFK edv-consulting GmbH http://www.bfk.de/ Kriegsstraße 100 tel: +49-721-96201-1 D-76133 Karlsruhe fax: +49-721-96201-99 _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
