On 5 Oct 2011, at 11:00, Matus UHLAR - fantomas wrote:
On 05.10.11 10:37, Jim Reid wrote:
IMO it would be unwise to reference this article in any arguments you make. It could rebound on you very badly. BIND9.9 can do NXDOMAIN rewriting. So presumably ISC thinks this sort of thing is OK now.
Actually, they do not.
Well it seems ISC has a rather strange way of showing their disapproval. If ISC truly thought NXDOMAIN rewriting was a Bad Idea, they would not have allowed this feature to embed itself in the reference DNS implementation. QED. IMO it sends out the wrong sort of messages and encourages those who advocate Stupid DNS Tricks. It's all very well for ISC to say they're just offering a "safer" way for people to play with these things. I take the view that this is a bit like letting children experiment with sharp objects when there's no responsible adult in charge.
Sigh. If/when your opponents find this out, it fatally undermines the very sensible things said in that article.
That's one of reason why I think it's bad feature to have in BIND.
+1. I'm very disappointed ISC has gone down this path.