From (Dean Gaudet)
Subject Re: security holes and other fun stuff
Date Wed, 17 Jul 1996 03:46:56 GMT
In article <>,
Paul Richards  <> wrote:
>Incidentally, your DNS settings are a little odd. Having a ttl of 1/2
>day when your zone transfers only happen daily seems redundant to me
>since you can't update your tables more than once a day so why force
>clients to expire the cache twice a day.

Well, the time an old record should live is the zone timeout plus the
record timeout, so I'm at a 1.5 day theoretical record change time now.
The difference between that and 2 days is minimal, so yeah I could
change it.  Incidentally, the 1 day zone timeout is for my external
secondaries -- sprintlink enforces a minimum of at least a 1 day zone
timeout.  My internal secondaries are force fed more regularly (in fact,
after each change, although I'm not using the bind update stuff yet).

> > This argument is pointless.  I really think there are security flaws with
> > Apache's advocation of DNS in configuration files.  If the Apache Group
> > doesn't care about it (I've not received one response, even privately,
> > which supports my view) then I'll shut up.  It's not just an Apache
> > issue -- I'm certain that if we were to investigate Netscape or NCSA or
> > other servers that allow DNS in their configuration files then we'd find
> > the same problems.
>Some of the points you made I understood and was concerned about but I
>had trouble following your argument so I'm not entirely clear on what
>exactly your worries are regarding the DNS issues. I'm still
>rereading some of them.

You'll have to excuse me... I've been running on way too little ZZZzzz
lately, to the point I'm having a hard time focusing my eyes.  So, um,
I was probably a little stressed at something else when I replied.  My