forwarding as requested.
--- Begin Message ---
On Thu, 18 Sep 2003, Paul Vixie wrote:
*can't post to nanog, feel free to forward it*
> actually, i had it convincingly argued to me today that wildcards in root
> or top level domains were likely to be security problems, and that domains
> like .museum were the exception rather than the rule, and that bind's
> configuration should permit a knob like "don't accept anything but delegations
> unless it's .museum or a non-root non-tld". i guess the ietf has a lot to
> think about now.
"don't accept anything but delegations unless it's .museum or a non-root
non-tld" - you need to include for example .de in there too.
They don't have wildcard-records, but lots of domains (mostly from the
biggest website-sellers) don't use their own nameservers, but include all
information (mx, a records) directly into the .de-zone.
One example: whois -h whois.denic.de dev0.de
(nsentry records instead of the normal nserver records - available to
everyone who can register domains/change their denic-data)
c'ya
sven
--
The Internet treats censorship as a routing problem, and routes around it.
(John Gilmore on http://www.cygnus.com/~gnu/)
--- End Message ---
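The filter rule quoted above, together with the .de exception the reply asks for, sketched as an added example (not part of either message and not BIND's code). The `Response` type, the function names and all sample responses are constructed for illustration.

```python
# Added illustration of a "delegations only from root/TLD servers" filter.
# Not BIND code; the data model and names are hypothetical.
from dataclasses import dataclass, field

# Zones allowed to hand out data directly, as named in the thread.
EXEMPT_ZONES = {"museum", "de"}

@dataclass
class Response:
    zone: str                                      # zone the server answers for ("" = root)
    answer: list = field(default_factory=list)     # (owner, rtype) tuples
    authority: list = field(default_factory=list)  # (owner, rtype) tuples

def norm(name):
    return name.rstrip(".").lower()

def is_root_or_tld(zone):
    # "" (root) or a single label such as "com"
    return norm(zone).count(".") == 0

def is_below(name, zone):
    name, zone = norm(name), norm(zone)
    if zone == "":
        return name != ""
    return name.endswith("." + zone)

def is_delegation(resp):
    # A referral: no answer data, NS records for a name below the zone.
    return not resp.answer and any(
        rtype == "NS" and is_below(owner, resp.zone)
        for owner, rtype in resp.authority
    )

def accept(resp):
    """True = use the response; False = treat the name as nonexistent."""
    zone = norm(resp.zone)
    if not is_root_or_tld(zone) or zone in EXEMPT_ZONES:
        return True            # non-root non-TLD, or a listed exception
    if is_delegation(resp):
        return True
    # Records owned by the zone apex itself (its own SOA/NS) are still fine.
    return bool(resp.answer) and all(norm(o) == zone for o, _ in resp.answer)

# Constructed sample responses.
WILDCARD = Response("com", answer=[("no-such-name.com", "A")])
REFERRAL = Response("com", authority=[("example.com", "NS")])
DE_INLINE = Response("de", answer=[("dev0.de", "A")])
MUSEUM = Response("museum", answer=[("anything.museum", "A")])
```

Without "de" in the exception set, the `DE_INLINE` response would be rejected just like the wildcard answer, which is the breakage the reply warns about.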