On Oct 5, 2011, at 2:22 AM, Jim Reid wrote:
IMO Kostas, technical arguments are probably not going to be heard, no matter how distinguished the DNS experts are. Though one killer argument against NXDOMAIN rewriting could be DNSSEC. First off, it stops this nonsense.
Not necessarily. NXDOMAIN rewriting can occur _after_ validation. If you as an end user are relying on your ISP for resolution service, you are accepting whatever they tell you, be it truthful or lies. If your ISP blocks you from doing your own resolution, look for a new ISP (or VPN out to a resolver you trust).
However I doubt the beancounters and other members of the B ark will care about any of this.
Yep. On the brighter side, I've heard from folks involved in (very large) DNS infrastructure who have deployed NXDOMAIN redirection that the amount of money it brings in wasn't worth it and they're discontinuing the redirection stuff. Regards, -drc