The "not long discussion" thread....
Steve Sobol
sjsobol at JustThe.net
Wed Apr 27 00:59:55 UTC 2005
Jerry Pasker wrote:
> Steve Sobol replied with:
>
>> I'm not going to enter into a long discussion with you. :)
>>
>> I'm just curious why you didn't restrict AXFR to certain IPs instead.
>
>
> And I'm posting back to NANOG:
>
> I did.
>
> And I had router ACLs doing the same thing. Allow to hosts that needed
> it, deny for everyone else. And I did this to ALL my DNS servers.
What were the router ACLs doing that the DNS server ACLs weren't/couldn't?
--
JustThe.net - Apple Valley, CA - http://JustThe.net/ - 888.480.4NET (4638)
Steven J. Sobol, Geek In Charge / sjsobol at JustThe.net / PGP: 0xE3AE35ED
"The wisdom of a fool won't set you free"
--New Order, "Bizarre Love Triangle"
More information about the NANOG
mailing list