North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Verisign Responds
Paul Vixie wrote:
Can someone please tell me how a change to a critical component of the Internet which has the capacity to cause harm is not an operational issue?you are confused. and in any case this is off-topic. take it to namedroppers, but before you do, please read rfc's 1033, 1034, 1035, 2136, 2181, and 2317.
A TLD issues a wildcard. Instead of discovering if records match the wildcard and returning NXDOMAIN (which is what everone wanted), the software was designed to restrict records based on delegation.
Delegation was not broken. The changes made allow engineers to break it. I'd consider this an issue. Reports have already come in of all the various domains that people will mandate delegate-only for. For the record, .museum was listed several times despite the request in documentation to not force delegation, as were other zones.
In fact, many people were confused. They didn't understand what zone delegation was. For the record, I've read all the RFC's you posted. To many, it's an issue of wildcards. Yet BIND didn't solve the wildcard problem. It solved a delegation problem, which was not only "not broken" but has traditional use.
Which "countermeasures" being implemented did the IAB have an issue with? I wonder since their arguement against the wildcards was the fact that it breaks traditional use. BIND now easily breaks traditional use.