[80174] in North American Network Operators' Group
Re: The "not long discussion" thread....
daemon@ATHENA.MIT.EDU (Christopher L. Morrow)
Tue Apr 26 22:59:50 2005
Date: Wed, 27 Apr 2005 02:59:21 +0000 (GMT)
From: "Christopher L. Morrow" <christopher.morrow@mci.com>
In-reply-to: <426EE40B.8010304@JustThe.net>
To: Steve Sobol <sjsobol@JustThe.net>
Cc: Jerry Pasker <info@n-connect.net>, nanog@merit.edu
Errors-To: owner-nanog@merit.edu
On Tue, 26 Apr 2005, Steve Sobol wrote:
> Jerry Pasker wrote:
> > Steve Sobol replied with:
> >> I'm not going to enter into a long discussion with you. :)
> >> I'm just curious why you didn't restrict AXFR to certain IPs instead.
> >
> > And I had router ACLs doing the same thing. Allow to hosts that needed
> > it, deny for everyone else. And I did this to ALL my DNS servers.
>
> What were the router ACLs doing that the DNS server ACLs weren't/couldn't?
This, it seems, was an unfortunate side effect (as I pointed out earlier)
of legacy software and legacy config... if I had to guess.
