[15355] in bugtraq
Re: bind running as root in Mandrake 7.0
daemon@ATHENA.MIT.EDU (stanislav shalunov)
Thu Jun 15 15:00:36 2000
Message-Id: <87wvjs8diy.fsf@cain.internet2.edu>
Date: Wed, 14 Jun 2000 11:48:07 -0400
Reply-To: stanislav shalunov <shalunov@INTERNET2.EDU>
From: stanislav shalunov <shalunov@INTERNET2.EDU>
X-To: Nathan Neulinger <nneul@UMR.EDU>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: Nathan Neulinger's message of "Sun, 11 Jun 2000 15:32:38 -0500"
Nathan Neulinger <nneul@UMR.EDU> writes:
> It is necessary to separately bind to the interfaces in order to
> determine which interface a request came in on. This is needed for
> some of bind's security mechanisms.
Actually, I think the reason BIND binds to all interfaces individually
is to be able to send responses that come from the same IP number they
were sent to.
Requests that come from a different IP than the one they were sent to
are usually discarded (by BIND for sure, and probably by other
standard-compliant servers as well as stub resolver libraries).
