The power of default configurations
Jay R. Ashworth
jra at baylink.com
Mon Apr 11 02:24:34 UTC 2005
On Sun, Apr 10, 2005 at 09:15:39PM -0400, Sean Donelan wrote:
> How can we make more software "safe by default?" Because relying on the
> user or sysadmin to make it safe isn't working. That includes safe
> default configurations that are conservative in what they send, such as
> doing RFC1918 lookups against root name servers. The original BIND
> from Berkeley included a "localhost" file, why not a "workgroup" file
> and an RFC1918 file?
And, to tie the thread title back in to one example of what you're
saying there, five years ago when I first saw NANOG, there might have
been a reason why you had to let forged source addresses leak through
your edge devices...
but that was five years ago. Have manufacturers *really* not made that
item a default by now? Have providers *really* not changed out that
equipment in five years? I mean, this is internet time, right?
Cheers,
-- jra
--
Jay R. Ashworth jra at baylink.com
Designer Baylink RFC 2100
Ashworth & Associates The Things I Think '87 e24
St Petersburg FL USA http://baylink.pitas.com +1 727 647 1274
If you can read this... thank a system administrator. Or two. --me
More information about the NANOG
mailing list