What I think will be interesting is who has the bind patch this time around. The first time many companies didn't deploy the bind patch for reasons ranging from taking a few days to study the impact to not being able to deploy new software on their nameservers that quickly to not being able to get management buy in on blocking wildcard records. If Verisign turns the "service" back on without ICANN approval I expect a much larger number of people, and perhaps some larger networks to implement the bind patch this time around. It's unfortunate, as this is not the right way to run a network. When left with no choice, engineers will work around any problem. -- Leo Bicknell - bicknell@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - tmbg-list-request@tmbg.org, www.tmbg.org