On Sun, Apr 10, 2005 at 09:15:39PM -0400, Sean Donelan wrote:
How can we make more software "safe by default?" Because relying on the user or sysadmin to make it safe isn't working. That includes safe default configurations that are conservative in what they send, such as doing RFC1918 lookups against root name servers. The original BIND from Berkeley included a "localhost" file, why not a "workgroup" file and an RFC1918 file?
And, to tie the thread title back in to one example of what you're saying there, five years ago when I first saw NANOG, there might have been a reason why you had to let forged source addresses leak through your edge devices... but that was five years ago.

Have manufacturers *really* not made that item a default by now? Have providers *really* not changed out that equipment in five years? I mean, this is internet time, right?

Cheers,
-- jra
--
Jay R. Ashworth    jra@baylink.com
Designer    Baylink    RFC 2100
Ashworth & Associates    The Things I Think    '87 e24
St Petersburg FL USA    http://baylink.pitas.com    +1 727 647 1274

If you can read this... thank a system administrator. Or two. --me