Once upon a time, Crist Clark <crist.cl...@globalstar.com> said: > Another BIND-specific question since we're on the topic. I see > some of our authorative servers being hit with these spoofs, and > yes, the 9.3.5-P1 (that's what Sun supports in Solaris these > days) were sending back answers from the cache... but wait... > what cache? > > The view the Internet gets only has our authorative zones. There > is no declaration for the root zone, master, slave, or hints. > How does BIND have the root cached in that view? Where did it > get it from? I guess it's hard coded somewhere?
BIND has had the hints compiled in for some time as a fall-back, but for an auth-only server, "additional-from-cache no;" will kill such responses. -- Chris Adams <cmad...@hiwaay.net> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
