North American Network Operators Group

Re: The power of default configurations

  • From: Jay R. Ashworth
  • Date: Sun Apr 10 22:49:15 2005

On Sun, Apr 10, 2005 at 09:15:39PM -0400, Sean Donelan wrote:
> How can we make more software "safe by default?"  Because relying on the
> user or sysadmin to make it safe isn't working.  That includes safe
> default configurations that are conservative in what they send, such as
> doing RFC1918 lookups against root name servers.  The original BIND
> from Berkeley included a "localhost" file, why not a "workgroup" file
> and an RFC1918 file?

And, to tie the thread title back in to one example of what you're
saying there, five years ago when I first saw NANOG, there might have
been a reason why you had to let forged source addresses leak through
your edge devices...

but that was five years ago.  Have manufacturers *really* not made that
item a default by now?  Have providers *really* not changed out that
equipment in five years?  I mean, this is internet time, right?

Cheers,
-- jra
-- 
Jay R. Ashworth                                                [email protected]
Designer                          Baylink                             RFC 2100
Ashworth & Associates        The Things I Think                        '87 e24
St Petersburg FL USA      http://baylink.pitas.com             +1 727 647 1274

      If you can read this... thank a system administrator.  Or two.  --me