|
@@ -2172,8 +2172,8 @@ DDNS/zones[0]/update_acl[1] {"action": "ACCEPT", "from": "::1", "key": "key.
|
|
|
discussed among implementers and in the IETF, and it is now
|
|
discussed among implementers and in the IETF, and it is now
|
|
|
widely agreed that it does not make sense to strictly follow
|
|
widely agreed that it does not make sense to strictly follow
|
|
|
that part of RFC.
|
|
that part of RFC.
|
|
|
- One known specific bad result of this is that it could leak
|
|
|
|
|
- information about which name or record exists or does not
|
|
|
|
|
|
|
+ One known specific bad result of following the RFC is that it
|
|
|
|
|
+ could leak information about which name or record exists or does not
|
|
|
exist in the zone as a result of prerequisite checks even if a
|
|
exist in the zone as a result of prerequisite checks even if a
|
|
|
zone is somehow configured to reject normal queries from
|
|
zone is somehow configured to reject normal queries from
|
|
|
arbitrary clients.
|
|
arbitrary clients.
|
JINMEI Tatuya