Subject: Re: [dns-wg] NCC reverse delegation criteria Date: Tue, Jun 11, 2019 at 07:52:18PM +0200 Quoting Jonas Frey (jf@probe-networks.de):
It seems to me that all documentation regarding this topic is highly outdated (atleast what i have found, see ISC's docs for BIND).
Because 20 years ago, we realised that this is a problem and stopped intermingling recursive and authoritative service. Software like the djb suite, nsd and unbound was written to assist in this separation. Thus, noone has bothered to revisit the docs on the subject. Part of the response you have received, thus, is because the separation requirement is mostly regarded as completely uncontroversial, like "do not allow TELNET without IAC DO ENCRYPT" or "Do not let SNMP community Public have write access" and similar obviousities. I suggest we wait for the NCC folks to come back with the exact list of requirements used today and starting from those the community, since this is more controversial than I and others thought, should try to formulate a policy that is consistent with the desires and needs of the community and the Internet. /Måns, down memory lane. -- Måns Nilsson primary/secondary/besserwisser/machina MN-1334-RIPE SA0XLR +46 705 989668 I've read SEVEN MILLION books!!