[62442] in North American Network Operators' Group
Re: Root Server Operators (Re: What *are* they smoking?)
daemon@ATHENA.MIT.EDU (Jack Bates)
Thu Sep 18 10:41:04 2003
Date: Thu, 18 Sep 2003 09:31:27 -0500
From: Jack Bates <jbates@brightok.net>
To: Paul Vixie <paul@vix.com>
Cc: nanog@merit.edu
In-Reply-To: <20030918011156.D247613956@sa.vix.com>
Errors-To: owner-nanog-outgoing@merit.edu
Paul Vixie wrote:
> actually, i had it convincingly argued to me today that wildcards in root
> or top level domains were likely to be security problems, and that domains
> like .museum were the exception rather than the rule, and that bind's
> configuration should permit a knob like "don't accept anything but delegations
> unless it's .museum or a non-root non-tld". i guess the ietf has a lot to
> think about now.
>
Paul,
I would argue, as seen in some of my other posts, that the wildcard
feature of .museum is not always wanted either. Would it not be wise to
push forward into the future with support for software to request if it
wants a wildcard or not? While a wildcard bit is ideal, there are
methods of determining wildcard programmatically. Being able to cache and
handle such information is important as different applications have
different requirements.
After all, is this the Internet or just the World Wide Web? Wildcards at
the roots are catering solely to the web and disrupting other protocols
which require NXDOMAIN.
-Jack
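
The message above mentions determining a wildcard programmatically and caching the result. One way to do that, as an added example that is not part of the original message: probe labels that cannot exist, cache per zone what they resolve to, and treat answers matching that set as "no such name". The class name, the zone names and the sample addresses are assumptions constructed for illustration.

```python
import secrets
import socket

def system_resolve(name):
    """IPv4 addresses for name as a frozenset, or None if the lookup fails."""
    try:
        return frozenset(socket.gethostbyname_ex(name)[2])
    except OSError:
        # The stub API cannot tell NXDOMAIN from SERVFAIL or a timeout.
        return None

class WildcardFilter:
    """Hypothetical helper: restores 'no such name' under wildcarded zones."""

    def __init__(self, resolve=system_resolve, probes=3):
        self.resolve = resolve
        self.probes = probes
        self.signatures = {}  # zone -> addresses the zone's wildcard hands out

    def wildcard_signature(self, zone):
        """Probe random labels that cannot exist; cache what they resolve to."""
        if zone not in self.signatures:
            answers = [self.resolve(f"{secrets.token_hex(16)}.{zone}")
                       for _ in range(self.probes)]
            if all(a is not None for a in answers):
                sig = frozenset().union(*answers)  # every probe answered: wildcard
            else:
                sig = frozenset()                  # at least one real failure
            self.signatures[zone] = sig
        return self.signatures[zone]

    def lookup(self, name, zone):
        """Resolve name; return None when the answer is only the wildcard's."""
        answer = self.resolve(name)
        if answer is None or answer <= self.wildcard_signature(zone):
            return None  # failed, or synthesized: treat as nonexistent
        return answer

# Constructed data: "example-wild" wildcards to 192.0.2.1, "example-plain" does not.
REAL = {"www.example-wild": frozenset({"198.51.100.7"}),
        "www.example-plain": frozenset({"198.51.100.8"})}

def fake_resolve(name):
    """Constructed offline resolver standing in for real DNS."""
    if name in REAL:
        return REAL[name]
    return frozenset({"192.0.2.1"}) if name.endswith(".example-wild") else None
```

A real host that shares the wildcard's address is also reported as nonexistent, and a wildcard that rotates its answers can fall outside the cached set.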