* Edward Lewis: > I don't buy that this is a security risk; if it is, DNSSEC would be > the fix to that (for once).
The risk is that you accidentally add an uncooperative name server to your NS set. Mistyping addresses in glue records or name server names is probably a more relevant source of such potential badness than deliberately added RFC 1918 addresses. (I'm not sure how to automatically detect such lame delegations, based on static data. Suggestions welcome.) And yes, DNSSEC would fix this indeed. _______________________________________________ DNSOP mailing list [email protected] https://www1.ietf.org/mailman/listinfo/dnsop
