On 8/24/15 3:09 PM, n...@eml.cc wrote: > > > On Mon, Aug 24, 2015, at 11:56 AM, Darcy Kevin (FCA) wrote: >> So, if your link is saturated to the point that you can't hold up a VPN >> connection reliably, you fall back to an less-secure method of resolution? > > No.
Actually, "yes". That's pretty much exactly what you are doing. > >> Non-deterministic security, what a concept! > > Didn't take long for you to resort to childish snark to did it? If "what a concept" is snark, then I'm one of the snarkiest people in the world. However, he's pointing out a problem with your configuration. >> Has it occurred to you, that you're giving the bad guys -- the ones that >> want to pry on your query data -- an incentive to also partially DoS your >> link, as a way to downgrade your query security? > > No, because I prefer not to waste my time with hypothetical/idle speculation. Unfortunately, security has a lot to do with figuring out the weak points in a configuration - that which you call "hypothetical/idle speculation". Not good. >> -1 on this feature request. > > I don't know who you are. Is that an opinion, or a project decision? I'm with Kevin on this one. -1 on this feature request. AlanC -- When I do still catch the odd glimpse, it's peripheral; mere fragments of mad-doctor chrome, confining themselves to the corner of the eye.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
