NXDomain remapping, DNSSEC, Layer 9, and you.

Jay Ashworth jra at baylink.com
Mon May 28 23:16:47 UTC 2012

----- Original Message -----
> From: "Paul Vixie" <vixie at isc.org>

> > *Now*, you see, we no longer have a canonical Good Engineering
> > Example to
> > which we can point when yelling at people (and software vendors)
> > which
> > *do* permit that, to say "see? You shouldn't be doing that; it's
> > bad."
> >
> > "The Web Is Not The Internet."
> i see what you mean, and i'm sad that this arrow is no longer in your
> quiver. perhaps you can still refer to nlnetlabs unbound for this
> purpose.
> if i thought there was even one isp anywhere who wanted to use nxdomain
> remapping but didn't because bind didn't have that feature, i'd be ready to
> argue the point. but all isc did by not supporting this feature was force
> some isp's to not use bind, and: isc is not in the "sour grapes"
> business.

Well, I disagree on that, but I am not widely travelled, and perhaps
the obvious argument I see wasn't ever actually used.

This is the "do I put cigarette burn preventers on the toilet paper 
dispensers in my 'no smoking' restroom" problem, pretty much exactly.

> meanwhile isc continues to push for ubiquitous dnssec, through to the stub,
> to take this issue off the table for all people and all time. (that's "the
> real fix" for nxdomain remapping.)

You really believe that the outcome of that will be "we can't make some
extra revenue off NXDOMAIN remapping because of DNSSEC?  Well, the hell
with DNSSEC, then"?

-- jra
Jay R. Ashworth                  Baylink                       jra at baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com         2000 Land Rover DII
St Petersburg FL USA      http://photo.imageinc.us             +1 727 647 1274

More information about the NANOG mailing list