Jim Reid <jim@rfc1035.com> writes:
On 5 Oct 2011, at 07:22, Kostas Zorbadelos wrote:
Thanks to everyone that provided feedback, on and off-list :) I think I have enough information to construct my case.
Apart from respected voices expressing their opposition to such techniques [1]
IMO it would be unwise to reference this article in any arguments you make. It could rebound on you very badly. BIND9.9 can do NXDOMAIN rewriting. So presumably ISC thinks this sort of thing is OK now. Sigh. If/when your opponents find this out, it fatally undermines the very sensible things said in that article.
Now, this article also contains opinions on other matters I am not sure I support. For example, it also criticizes badly the use of DNS for load balancing on the grounds of "DNS was not designed to express policy". And what happens when a single machine is not enough to accommodate load? Do you employ NAT load balancers? Is this a better idea? Having a single "name" for a "service" seems to me like a good idea in general. Anyway, long talk, I guess it needs a thread of its own.

Thanks again,
Kostas

PS1: Jim, you should REALLY reconsider your mail blacklist policies. Unless you do not prefer mail for person-to-person communication ;-)

PS2: +1 against ISC for allowing the "feature" in bind.

--
Kostas Zorbadelos
twitter:@kzorbadelos
http://gr.linkedin.com/in/kzorba
----------------------------------------------------------------------------
() www.asciiribbon.org - against HTML e-mail & proprietary attachments
/\