On Fri, Sep 08, 2017 at 06:43:52PM -0700, Paul Vixie wrote:
> not so fast. nxdomain redirection is an attack. censorship is an attack.
> i don't think you mean to group ttl stretching in with those attacks.
> because if you do, then we agree, it is an attack, and ought not be
> done, and certainly ought not be standardized in any form.

They're both lies, and TTL stretching is a lie, and in principle I believe the DNS should not lie, but filter-aaaa and dns64 and RPZ all had good and worthy reasons, and nxdomain redirection had bad reasons with dollar signs next to them, and here we are. Just as with RPZ, it seems reasonable to publish guidance on how to do the kind-of-bad thing in the least bad way.

--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop