On Sun, Jan 28, 2018 at 11:17:44AM -0500, Eric Luehrsen wrote:
> It would not be a Bug if it is an appropriately selectable option for
> local administration to configure for their own security requirements.

[ snip ]

> I had already imagined your concerns, and attempted to address them the
> > use case. Externally facing servers should be placed in a DMZ, or that

I hope it's not your intent to claim that all software should support "security requirements" and then proceed to mandate those security requirements, but that's what it sounds like you're doing.

The "security requirements" you're discussing are side-effects of ipv4 address scarcity, so accustomed to which are securitists that they've become cultural touchstones. That scarcity does not exist in the ipv6 space and it would probably be unwise to continue behaving as though it did.

It is not a matter of course to invent a DMZ or put specific machines into one. In many organizations, every machine is "externally facing"; this used to be called "being connected to the internet" and is, I assure you, extremely survivable without DNS prestidigitation.

Please keep in mind that while there's nothing stopping you from doing whatever you'd like with your computers, deliberately configuring DNS servers to lie to each other wasn't ever really part of the design, and it's not particularly polite to inflict the resulting complexity on the rest of us.

khm