[2573] in Release_7.7_team
Re: Meeting tomorrow, 1pm
daemon@ATHENA.MIT.EDU (John Hawkinson)
Sun Feb 4 16:47:54 2001
Date: Sun, 4 Feb 2001 16:47:50 -0500 (EST)
Message-Id: <200102042147.QAA06365@multics.mit.edu>
To: Jonathon Weiss <jweiss@mit.edu>
CC: release-team@mit.edu
In-reply-to: "[2565] in Release_7.7_team"
From: John Hawkinson <jhawk@MIT.EDU>
Sorry this is late.
| Cons:
|
One other con against turning off remote querying is that it's
sometimes useful to query a machine remotely to look at it's DNS cache
while a user is reporting a problem.
This means that instead of being able to
dig @usersmachine hostname-having-problems +norec
or somesuch, one might have to ask the user to do the same thing
and get back the answer from them, to debug the same problem.
Of course, these problems aren't terribly frequent, so the hardship
incurred is not great.
Another observation is that turning off remote querying will
turn off the ability to remotely determine what version of named
is running on a given machine. This probably doesn't have a significant
effect. (Arguments that providing this information is exposing a
vulnerability seem to be well-countered by the point that vulnerable
machines will actually have the attacks executed on them, and then
an attacker will know if they're vulnerable or not.)
--jhawk
