On 16 Jul 2009, at 20:58, David Conrad wrote:

Except for most users, accepting none means "the Internet is broken" which will result in ISP or OS vendor support calls which will undoubtedly result in users being instructed to turn off validation (like they get told to turn off IPv6 today).

OTOH, one might hope that if customer support got flooded with such calls the message that Tampering With DNS Responses Is A Very Bad Thing would eventually get through to those responsible for that behaviour and they'd take action to stop doing that. I can dream, can't I?

BTW, almost all of the scenarios in Section 5 of draft-livingood-dns-redirect-00 are concerned with browser activity and HTTP redirection. So it seems to be wrong to (ab)use the DNS to solve what looks like a web problem. That appears to be a layering violation. I'm not sure it's wise to document DNS redirection as a BCP. [DNS redirection may well be a current practice, but is it a best practice?] I think this draft's next iteration should say a *lot* more about the dangers of fiddling with DNS data, particularly in the context of the impact on Internet applications that are not web browsers.
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop