Update to root-delegation-only exclude statement example.
Ian Northeast
ian at house-from-hell.demon.co.uk
Sat Oct 11 23:36:39 UTC 2003
Randy Bush wrote:
>
> > It has come to ISC's attention that there are non-delegation records=20
> > present in the following zones:
(snip)
> we are breaking the internet for political reasons. please tell us if your
> particular piece, or any you know, are affected.
Not quite.
"A major registrar broke the Internet for reasons of commercial greed.
We are doing what we can to mitigate the damage, but there may be
collateral effects. Please tell us if you know of any" would be more
like it.
Remember that implementing delegation-only or root-delegation-only has
to be a deliberate decision on the part of a DNS administrator. They are
not the default and only work in very recent versions of bind, usually
installed specifically for the purpose.
Conversely, Verisign's wildcards were not optional, they were thrust
down everyone's throat.
I applaud the ISC's sterling efforts to combat this plague. As things
stand now of course they are not necessary; but I for one am keeping the
required version of bind (9.2.2-P3) in place in case the need to revive
the delegation-only domains should return. I won't be using
root-delegation-only BTW, even when I am running a bind version which
supports it, but this is a personal choice.
Regards, Ian
More information about the bind-users
mailing list