David Ulevitch wrote:
On 11/9/09 6:06 PM, Alex Balashov wrote:
Anything else is COMPLETELY UNACCEPTABLE. I don't understand how or why
this could possibly be controversial.
Because some people want the ability and choice to block DNS responses
they don't like; just as they have the ability and choice to reject
email they don't want to accept.
When the conficker worms phones home to one of the 50,000 potential
domains names it computes each day, there are a lot of IT folks out
there that wish their local resolver would simply reject those DNS
requests so that infected machines in their network fail to phone home.
Dealing with 10k~ uni students who like to spread new viruses faster
than STD's I often make light of the fact that we can use OpenDNS to a)
keep tabs on who's infected at what sites and b) prevent them from
possibly doing more damage by phoning home with info or to collect
instructions.
To use your language, I don't understand how or why this could
possibly be controversial. -- Apparently it is.
-David
It's as David says, there are a lot of us who would rather have the
choice than not have it.
If that's not acceptable to some then that's their decision however as a
part of our network this DNS 'tomfoolery' is something that both we and
the end user see benefits from so I don't see it going away anytime soon.
Regards,
Andrew Cox
AccessPlus HNA