On Sun, May 16, 2010 at 07:19:23PM +0200, Florian Weimer wrote:
> "order random_1" is applied to DO queries and consequently returns
> data which fails DNSSEC validation. It's also not restricted to types
> A and AAAA, so there's a risk of service degradation/DoS (for example,
> assume that a downstream cache receives a NS RRset for BIZ which only
> includes J.GTLD.BIZ, but the downstream cache has no IPv6
> connectivity).
> The easiest fix would be to remove the option.

That's also why it's almost completely undocumented - there is a
specific use case where it's beneficial, and I should really add
documentation indicating that it is generally the wrong answer.

lamont