Harlan Stenn wrote:
> There is nothing insane about it.  It has been the obvious solution for
> years.

No, Harlan, it IS insane. It doesn't matter that this has been this way
for years, it's still wrong. Restrictions intended for NTP packets
should have absolutely no effect on doing DNS lookups. The fact that it
apparently does means that the code is not doing the right thing.

> If we see a name that needs to be resolved we fork a process (to avoid
> blocking), resolve the name, and send back a remote config request using
> an auth key set up before the fork over the localhost address.

That's fine, but restrict shouldn't in effect block the packet sending
the DNS resolution results back to the main process.

> If we convert to ISC's eventlib stuff this will get tons easier.

Yes, but that's not soon, or for that matter, easy.

> H

