> Paul Wouters <mailto:p...@nohats.ca> > Sunday, March 08, 2015 9:03 PM > On Sun, 8 Mar 2015, Paul Vixie wrote: > > > So why are we proposing to ACL the ANY queries again?
because people like me with dig-based diagnostic tools want to be able to run ANY queries against our own servers, from our NOC/SOC. > > If you put ANY queries under an ACL, it means you are limiting the ANY > query diagnostics to those who can already read the logfiles to find > out what went wrong. It's basically the same as killing ANY queries. if your diagnostic tools are not dig-based, then i wish you only the best possible results from them. please do not criticize my use of dig-based tools to find out things my log files won't tell me, nor my laziness in preferring to use dig-based tools rather than developing a multi-vendor dns server diagnostic protocol and patching it into every kind of name server i might run. > > Cloudfare is not doing this for privacy reasons. So let's not kid > ourselves. cloudflare's motives are their own affair. our motives, as a community, for getting behind the cloudflare proposal, are what should concern us. -- Paul Vixie
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
