[79547] in North American Network Operators' Group
Re: The power of default configurations
daemon@ATHENA.MIT.EDU (Jay R. Ashworth)
Sun Apr 10 22:46:27 2005
Date: Sun, 10 Apr 2005 22:24:34 -0400
From: "Jay R. Ashworth" <jra@baylink.com>
To: nanog@merit.edu
In-Reply-To: <Pine.GSO.4.58.0504102053550.11888@clifden.donelan.com>; from Sean Donelan <sean@donelan.com> on Sun, Apr 10, 2005 at 09:15:39PM -0400
Errors-To: owner-nanog@merit.edu

On Sun, Apr 10, 2005 at 09:15:39PM -0400, Sean Donelan wrote:
> How can we make more software "safe by default?" Because relying on the
> user or sysadmin to make it safe isn't working. That includes safe
> default configurations that are conservative in what they send, such as
> doing RFC1918 lookups against root name servers. The original BIND
> from Berkeley included a "localhost" file, why not a "workgroup" file
> and an RFC1918 file?

And, to tie the thread title back in to one example of what you're
saying there, five years ago when I first saw NANOG, there might have
been a reason why you had to let forged source addresses leak through
your edge devices...

but that was five years ago. Have manufacturers *really* not made that
item a default by now? Have providers *really* not changed out that
equipment in five years? I mean, this is internet time, right?

Cheers,
-- jra
--
Jay R. Ashworth jra@baylink.com
Designer Baylink RFC 2100
Ashworth & Associates The Things I Think '87 e24
St Petersburg FL USA http://baylink.pitas.com +1 727 647 1274
If you can read this... thank a system administrator. Or two. --me