[nsd-users] allow-notify on localhost
mark at NLnetLabs.nl
Tue Sep 18 10:24:54 UTC 2007
-----BEGIN PGP SIGNED MESSAGE-----
Farkas Levente wrote:
> Mark Santcroos wrote:
>>> Or even make it implicit to always
>>> allow this from localhost (f you can't trust localhost, you have more
>> For security reasons, and no really good reasons in favour of it, we
>> won't make it trust localhost by default.
> can you explain it a little bit more detailed?
On multiuser systems you can't (always) trust access from localhost.
In theory, accepting notifies should indeed not be a problem, but
because it accepts packets from the wire there is always a chance that
there is a bug in the handling of it.
Therefore we don't want to make that the default for everyone.
Does this make it more clear?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the nsd-users