(all caught up after this.) Jay Ashworth <jra@baylink.com> writes:
----- Original Message -----
From: "paul vixie" <vixie@isc.org>
On 5/28/2012 11:52 AM, Randy Bush wrote:
... maybe a bit too much layer ten for my taste. ...
on that, we're trying to improve. for example, we used to forego features that some of us found repugnant, such as nxdomain remapping / ad insertion. since the result was that our software was less relevant but that there was no reduction in nxdomain remapping as a result of BIND not providing it.
To clarify that a bit...
let's keep trying.
You're saying you used to decline to include in BIND the capability to break the Internet by returning things other than NXDOMAIN for names which do not exist...
no, that's not what i'm saying.
but now you're *ok* with breaking the internet, and BIND now does that?
no, that's also not what i'm saying.
If that's what you mean, I'll explain to you why that's a bad layer 10 call.
it's not, but i'm listening.
*Now*, you see, we no longer have a canonical Good Engineering Example to which we can point when yelling at people (and software vendors) which *do* permit that, to say "see? You shouldn't be doing that; it's bad."
"The Web Is Not The Internet."
i see what you mean, and i'm sad that this arrow is no longer in your quiver. perhaps you can still refer to nlnetlabs unbound for this purpose. if i thought there was even one isp anywhere who wanted to use nxdomain remapping but didn't because bind didn't have that feature, i'd be ready to argue the point. but all isc did by not supporting this feature was force some isp's to not use bind, and: isc is not in the "sour grapes" business. meanwhile isc continues to push for ubiquitous dnssec, through to the stub, to take this issue off the table for all people and all time. (that's "the real fix" for nxdomain remapping.) -- Paul Vixie KI6YSY