On Feb 25, 2013, at 12:17 PM, Carlos M. Martinez <[email protected]> wrote:
> I know. And I agree. But we are all seeing people going to 8.8.8.8, even
> people at home.
>
> So maybe having an alternative you can locally 'spoof' wouldn't hurt.

It will hurt, in ways that you cannot predict. And, when the hurt comes, you will probably be defensive about the spoofing because you had some reason at the beginning to do it.

In the example that started this thread, let's assume X captures the queries to 8.8.8.8 and spoofs. Then Google turns on DNSSEC validation but X doesn't. Then someone gets hurt in a way that would not have happened if the answers actually came from 8.8.8.8. X's reply is "the queries to 8.8.8.8 were taking too long!". X has made one tradeoff that the customer didn't. Worse, in the meantime, the latency of 8.8.8.8 for the customer might have gone way down and X didn't notice it.

It will always hurt because it will always last longer than intended.

--Paul Hoffman
_______________________________________________
dns-operations mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
