On 12.09.14 07:35, Mark Andrews wrote: > > In message <[email protected]>, Paul Vixie writes: >> >> like i said this seems insane now. mark was right, we should have broken >> the bad stuff as early as possible. > > It isn't impossible. Emit warnings whenever a partially qualified > name matches and syslog / EventLog it. > > "WARNING: The partially qualified name '%s' resulted in a search > list match. The use of partially qualified names is a unsafe > practice. Fix your configuration to use the fully qualified name > '%s'."
How many end users do you know that look at log files? How many even know log files exist and where/how to find them? Would you expect a browser, mail client, IM etc software author to agree to pop up such a message to the end user? These will likely first look for a way to silence the warnings. Likewise, while the SSAC research and recommendations on the topic are useful for those in the know (mostly, to explain why some of the long standing presumptions are indeed wrong) --- it is highly unlikely the general public will be either aware of these findings, able to implement the suggested solutions or even care.... About the only way to 'fix' this is to implement it in code and distribute the code as widely as possible. Such fixed code will sure break many things.. similarly as DNSSEC breaks/identifies bad DNS setups. Daniel _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
