[153030] in North American Network Operators' Group
Re: isc - a good business
daemon@ATHENA.MIT.EDU (Paul Vixie)
Mon May 28 17:14:50 2012
To: nanog@nanog.org
From: Paul Vixie <vixie@isc.org>
Date: Mon, 28 May 2012 21:14:19 +0000
In-Reply-To: <26627378.6326.1338234777043.JavaMail.root@benjamin.baylink.com>
(Jay Ashworth's message of "Mon, 28 May 2012 15:52:57 -0400 (EDT)")
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
(all caught up after this.)
Jay Ashworth <jra@baylink.com> writes:
> ----- Original Message -----
>> From: "paul vixie" <vixie@isc.org>
>
>> On 5/28/2012 11:52 AM, Randy Bush wrote:
>> > ... maybe a bit too much layer ten for my taste. ...
>>
>> on that, we're trying to improve. for example, we used to forego
>> features that some of us found repugnant, such as nxdomain remapping /
>> ad insertion. since the result was that our software was less relevant
>> but that there was no reduction in nxdomain remapping as a result of
>> BIND not providing it.
>
> To clarify that a bit...
let's keep trying.
> You're saying you used to decline to include in BIND the capability to
> break the Internet by returning things other than NXDOMAIN for names
> which do not exist...
no, that's not what i'm saying.
> but now you're *ok* with breaking the internet, and BIND now does that?
no, that's also not what i'm saying.
> If that's what you mean, I'll explain to you why that's a bad layer 10 call.
it's not, but i'm listening.
> *Now*, you see, we no longer have a canonical Good Engineering Example to
> which we can point when yelling at people (and software vendors) which
> *do* permit that, to say "see? You shouldn't be doing that; it's bad."
>
> "The Web Is Not The Internet."
i see what you mean, and i'm sad that this arrow is no longer in your
quiver. perhaps you can still refer to nlnetlabs unbound for this purpose.
if i thought there was even one isp anywhere who wanted to use nxdomain
remapping but didn't because bind didn't have that feature, i'd be ready to
argue the point. but all isc did by not supporting this feature was force
some isp's to not use bind, and: isc is not in the "sour grapes" business.
meanwhile isc continues to push for ubiquitous dnssec, through to the stub,
to take this issue off the table for all people and all time. (that's "the
real fix" for nxdomain remapping.)
--
Paul Vixie
KI6YSY
