[80172] in North American Network Operators' Group
Re: The "not long discussion" thread....
daemon@ATHENA.MIT.EDU (Steve Sobol)
Tue Apr 26 21:00:30 2005
Date: Tue, 26 Apr 2005 17:59:55 -0700
From: Steve Sobol <sjsobol@JustThe.net>
To: Jerry Pasker <info@n-connect.net>
Cc: nanog@merit.edu
In-Reply-To: <a06200701be94438483b1@[66.6.34.245]>
Errors-To: owner-nanog@merit.edu

Jerry Pasker wrote:
> Steve Sobol replied with:
>
>> I'm not going to enter into a long discussion with you. :)
>>
>> I'm just curious why you didn't restrict AXFR to certain IPs instead.
>
>
> And I'm posting back to NANOG:
>
> I did.
>
> And I had router ACLs doing the same thing. Allow to hosts that needed
> it, deny for everyone else. And I did this to ALL my DNS servers.

What were the router ACLs doing that the DNS server ACLs weren't/couldn't?

--
JustThe.net - Apple Valley, CA - http://JustThe.net/ - 888.480.4NET (4638)
Steven J. Sobol, Geek In Charge / sjsobol@JustThe.net / PGP: 0xE3AE35ED
"The wisdom of a fool won't set you free"
--New Order, "Bizarre Love Triangle"