Hi Ben

On Tue, Jul 28, 2015 at 07:38:35PM -0400, Ben Croswell wrote:
> Absolutely there is a division of traffic. One set of servers hosting
> domains for the outside and another set with no inbound port 53 other than
> stateful replies to internally generated queries.

Keep in mind that some internally generated queries may be automatic
queries from services running inside your LAN that query based on some
external input (examples are webpages, spam filters, etc.). For this
reason, we usually consider even resolver bugs as externally vulnerable
for CVSS scoring. The scope of vulnerability would be based on the type
of issue, but it would be best not to depend on source of traffic.

                Mukund

Attachment: pgpUs0KBFNJn8.pgp
Description: PGP signature

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to