North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Verisign Responds

  • From: Jack Bates
  • Date: Wed Sep 24 09:53:54 2003 
Paul Vixie wrote:
It's still to be seen if ISC's cure is worse than the disease; as instead of detecting and stoping wildcard sets, it looks for delegation. 
that's because wildcard ("synthesized") responses do not look different
on the wire, and looking for a specific A RR that can be changed every day
or even loadbalanced through four /16's that may have real hosts in them
seems like the wrong way forward.
See the NANOG archives for my post reguarding wildcard caching and set comparison with additional resolver functionality for requesting if the resolver wishes to receive wildcards or NXDOMAIN.

-Jack