North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: The power of default configurations
On Sun, Apr 10, 2005 at 09:15:39PM -0400, Sean Donelan wrote: > How can we make more software "safe by default?" Because relying on the > user or sysadmin to make it safe isn't working. That includes safe > default configurations that are conservative in what they send, such as > doing RFC1918 lookups against root name servers. The original BIND > from Berkeley included a "localhost" file, why not a "workgroup" file > and an RFC1918 file? And, to tie the thread title back in to one example of what you're saying there, five years ago when I first saw NANOG, there might have been a reason why you had to let forged source addresses leak through your edge devices... but that was five years ago. Have manufacturers *really* not made that item a default by now? Have providers *really* not changed out that equipment in five years? I mean, this is internet time, right? Cheers, -- jra -- Jay R. Ashworth [email protected] Designer Baylink RFC 2100 Ashworth & Associates The Things I Think '87 e24 St Petersburg FL USA http://baylink.pitas.com +1 727 647 1274 If you can read this... thank a system administrator. Or two. --me
|