Hi Ben On Tue, Jul 28, 2015 at 07:38:35PM -0400, Ben Croswell wrote: > Absolutely there is a division of traffic. One set of servers hosting > domains for the outside and another set with no inbound port 53 other than > stateful replies to internally generated queries.
Keep in mind that some internally generated queries may be automatic queries from services running inside your LAN that query based on some external input (examples are webpages, spam filters, etc.). For this reason, we usually consider even resolver bugs as externally vulnerable for CVSS scoring. The scope of vulnerability would be based on the type of issue, but it would be best not to depend on source of traffic. Mukund
pgpUs0KBFNJn8.pgp
Description: PGP signature
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users