deny tld wilcards?
Paul Vixie
paul at vix.com
Tue Sep 16 16:47:12 UTC 2003
no, it's too likely that a tld operator who wants to deploy wildcards
will just use multiple A RR's and let round robin take care of avoiding
the always-nxdomain approach you outline. we're doing something more
basic, that does not depend on the value of the A RDATA.
re:
> Date: Tue, 16 Sep 2003 18:12:50 +0200 (CEST)
> From: Jakob Schlyter <jakob at rfc.se>
> To: Paul Vixie <paul at vix.com>
> Cc: bind9-workers at isc.org
> Subject: Re: deny tld wilcards?
>
> On Tue, 16 Sep 2003, Paul Vixie wrote:
>
> > we're working on it now
>
> good. very good.
>
> once that has been deployed, their next version will probably do A-record
> synthesis instead. I believe we need to be prepared for something like:
>
> options {
> always-nxdomain { 64.94.110.11; };
> };
>
>
> the impact of this whole issue on dnssec may be "interesting".
>
>
> jakob
More information about the bind-workers
mailing list