[dns-wg] NCC reverse delegation criteria

> Because 20 years ago, we realised that this is a problem and stopped
> intermingling recursive and authoritative service. Software like the
> djb suite, nsd and unbound was written to assist in this separation.
> 
> Thus, noone has bothered to revisit the docs on the subject.
> 
> Part of the response you have received, thus, is because the
> separation
> requirement is mostly regarded as completely uncontroversial, like
> "do
> not allow TELNET without IAC DO ENCRYPT" or "Do not let SNMP
> community
> Public have write access" and similar obviousities.
> 
> I suggest we wait for the NCC folks to come back with the exact list
> of
> requirements used today and starting from those the community, since
> this
> is more controversial than I and others thought, should try to
> formulate
> a policy that is consistent with the desires and needs of the
> community
> and the Internet.
> 
> /Måns, down memory lane.

Mans,

i get your point but it appears that since those 20 years one might
have forgotten to just ask that question again (with todays technology
in mind). 

"Its not working that way."
"Why?"
"It never worked that way, dont try".

While telnet was replaced by SSH (and others), SNMP is still there but
has made progress (v3, crypto etc). I'd rather compare the auth
nameserver+open resolver thing to SNMP than to telnet.

I agree with you to wait for the NCC to specify the requirements and
see what the community thinks about it. In any way this should be
documented somewhere, so that further confusion is avoided.


-
Jonas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: This is a digitally signed message part
URL: </ripe/mail/archives/dns-wg/attachments/20190611/d5e61ee3/attachment.sig>