NXDomain remapping, DNSSEC, Layer 9, and you.
jra at baylink.com
Mon May 28 23:16:47 UTC 2012
----- Original Message -----
> From: "Paul Vixie" <vixie at isc.org>
> > *Now*, you see, we no longer have a canonical Good Engineering
> > Example to
> > which we can point when yelling at people (and software vendors)
> > which
> > *do* permit that, to say "see? You shouldn't be doing that; it's
> > bad."
> > "The Web Is Not The Internet."
> i see what you mean, and i'm sad that this arrow is no longer in your
> quiver. perhaps you can still refer to nlnetlabs unbound for this
> if i thought there was even one isp anywhere who wanted to use nxdomain
> remapping but didn't because bind didn't have that feature, i'd be ready to
> argue the point. but all isc did by not supporting this feature was force
> some isp's to not use bind, and: isc is not in the "sour grapes"
Well, I disagree on that, but I am not widely travelled, and perhaps
the obvious argument I see wasn't ever actually used.
This is the "do I put cigarette burn preventers on the toilet paper
dispensers in my 'no smoking' restroom" problem, pretty much exactly.
> meanwhile isc continues to push for ubiquitous dnssec, through to the stub,
> to take this issue off the table for all people and all time. (that's "the
> real fix" for nxdomain remapping.)
You really believe that the outcome of that will be "we can't make some
extra revenue off NXDOMAIN remapping because of DNSSEC? Well, the hell
with DNSSEC, then"?
Jay R. Ashworth Baylink jra at baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII
St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
More information about the NANOG