On Mon, 5 Nov 2007 17:16:11 +0100 Stephane Bortzmeyer <bortzmeyer@nic.fr> wrote:
On Mon, Nov 05, 2007 at 10:54:05AM -0500, Andrew Sullivan <andrew@ca.afilias.info> wrote a message of 29 lines which said:
One could argue that it is less evil to do this at recursive servers, because people could choose not to use that service by installing their own full resolvers or whatever.
It depends.
There are three possible ways for an access provider to do it, in order of ascending nastiness:
Perhaps it is time for resolver libraries to have the ability to equate certain IP addresses with NXDOMAIN. At least that way we can recognize that it is happening and fix our own servers on am individual basis. Sort of a DNS blacklist. -- D'Arcy J.M. Cain <darcy@druid.net> | Democracy is three wolves http://www.druid.net/darcy/ | and a sheep voting on +1 416 425 1212 (DoD#0082) (eNTP) | what's for dinner.