On 12Feb15, George Michaelson allegedly wrote:
>
> we've got two agencies who do DNS, and probably have > 20% worldwide
> eyeball share in DNS (I don't know, that's a guesstimate) now doing
> edns0_client_subnet albeit with whitelist, so it's a permit-list, but it's
> functionally 'there'

Whitelists are my biggest bugbear actually. All my other comments are nice-to-haves. I hear that Google now adaptively whitelist which is a nice strategy but I'd really like to see the whitelist approach deprecated as much as possible. (And yes, I understand MarkA's stats that show some small percentage of auth queries will break).

I've been in other conversations lately where it was all about how do we get "pick some larger resolver" to whitelist us? We all know that doesn't scale. So interest appears to be growing.

> It's probably already more widely deployed than IPv6...

On the auth side I think you're right. It's the client side that's the missing link. But this is a classic alignment-of-interest problem. The relatively small number of auths who care implement, but there is little incentive on the resolver side.

Mark.
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
