DNS TSIG updates need to check ACLs
kai at samba.org
Thu Nov 8 14:54:11 MST 2012
On 2012-11-08 17:12, Andriy Syrovenko wrote:
> I was thinking about filing a bug, but I am at a loss which product to
> consider affected. S3? S4? BIND? Please advise.
I think this is a BIND bug. It is, however, a bug we could work around
in libaddns. I'm not sure what the other devs think.
Any ideas? I don't like the workaround, but arguably libaddns never
really checks the signature anyway, so the check that's happening is
We will however run into this problem again in future if we ever switch
to an implementation that follows the RFC for client-side GSS-TSIG checks.
Worldforge developer http://www.worldforge.org/
Wine developer http://wiki.winehq.org/KaiBlin
Samba team member http://www.samba.org/samba/team/
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 259 bytes
Desc: OpenPGP digital signature
More information about the samba-technical