Home page logo
/

nanog logo nanog mailing list archives

Re: AW: Odd policy question.
From: Randy Bush <randy () psg com>
Date: Sat, 14 Jan 2006 12:24:47 -1000


Indeed all that is required is a way to detect that the
delegation is lame

for bind vic^H^H^Husers

    dig +norec zone.name. @delegatee.name. soa

to check the ns rrset at the [proposed] delegatee

    dig +norec zone.name. @delegatee.name. ns

on later digs, you can also use the +short option if you don't want
to see too much detail.

serious pedants can also check for response via tcp, as opposed to
just the default udp.

hopefully in a secure fashion

could you amplify?

and remove the lame delegations. Of course that does leave the
problem of what to do if all of the delegations are lame

or if a proper subset of the delegations are lame.

or if the ns rrset at a delegatee does not match that which
was specified to be installed in the delegating zone file.

randy


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault