Re: NXDOMAIN redirection in BIND 9.9

2011-10-03 Thread Matus UHLAR - fantomas
On 9/30/2011 6:21 PM, Shawn Bakhtiar wrote: "We came to the conclusion that no matter how much we wanted it to not be true, people find a way to do NXDOMAIN if they want to. The issue is not ours to push, it's between the ISP and the customer ultimately, and people will do it -- and more intrus

Re: NXDOMAIN redirection in BIND 9.9

2011-10-02 Thread Warren Kumari
On Sep 30, 2011, at 7:43 PM, David Miller wrote: > On 9/30/2011 6:21 PM, Shawn Bakhtiar wrote: >> >> "We came to the conclusion that no matter how much we wanted it to not be >> true, people find a way to do NXDOMAIN if they want to. The issue is not >> ours to push, it's between the ISP and t

Re: NXDOMAIN redirection in BIND 9.9

2011-09-30 Thread David Miller
On 9/30/2011 6:21 PM, Shawn Bakhtiar wrote: "We came to the conclusion that no matter how much we wanted it to not be true, people find a way to do NXDOMAIN if they want to. The issue is not ours to push, it's between the ISP and the customer ultimately, and people will do it -- and more intr

RE: NXDOMAIN redirection in BIND 9.9

2011-09-30 Thread Shawn Bakhtiar
ility to arbitrarily redirecting (without redirecting) content. Important part being the sanctioning of. http://en.wikipedia.org/wiki/DNS_hijacking > Date: Fri, 30 Sep 2011 17:15:01 -0400 > From: ow...@nysernet.org > To: mgr...@isc.org > Subject: Re: NXDOMAIN redirection in BIND 9.9 > CC: b

Re: NXDOMAIN redirection in BIND 9.9

2011-09-30 Thread Bill Owens
On Thu, Sep 29, 2011 at 04:52:10PM -0500, Michael Graff wrote: > I'm happy you read it, and hope to see you at the forum/customer webinar next > week! I'll be speaking, and will bring my fireproof undies. I'm already signed up, but no worries about flaming - at least not from me ;) > We came to

Re: NXDOMAIN redirection in BIND 9.9

2011-09-30 Thread michoski
On 9/30/11 10:12 AM, "John Wobus" wrote: > I'm a BIND user who is clamoring to keep such a feature out of BIND. In reality, there are plenty of you (us)... However, as usual (and particularly for anything ruled by committee), a few (often with the most capital) will ruin it for the many. For be

Re: NXDOMAIN redirection in BIND 9.9

2011-09-30 Thread Warren Kumari
On Sep 30, 2011, at 1:12 PM, John Wobus wrote: >>> . . . both Evan's blog post >>> >>> and the announcement of next week's webinar include NXDOMAIN redirection as >>> the first new feature. I'm really surprised by that -

Re: NXDOMAIN redirection in BIND 9.9

2011-09-30 Thread John Wobus
. . . both Evan's blog post and the announcement of next week's webinar include NXDOMAIN redirection as the first new feature. I'm really surprised by that - is this something that BIND users were clamoring for? Yes.

Re: NXDOMAIN redirection in BIND 9.9

2011-09-30 Thread Jan-Piet Mens
On Fri Sep 30 2011 at 11:50:51 CEST, Hauke Lampe wrote: > > *except that perhaps those who enable this feature will use it as an excuse > > to avoid enabling validation, which would be a very bad result, IMO. . . > > My reading of the docs says that BIND's NXDOMAIN redirections won't > break DNS

Re: NXDOMAIN redirection in BIND 9.9

2011-09-30 Thread Hauke Lampe
On 29.09.2011 23:06, Bill Owens wrote: > *except that perhaps those who enable this feature will use it as an excuse > to avoid enabling validation, which would be a very bad result, IMO. . . My reading of the docs says that BIND's NXDOMAIN redirections won't break DNSSEC-signed results: "If th

Re: NXDOMAIN redirection in BIND 9.9

2011-09-30 Thread Hauke Lampe
On 30.09.2011 03:32, 刘明星:) wrote: > How does an ISP use a proxy to filter answers and return whatever they want to > the customer? BIND can do that for you with Response Policy Zones (DNS RPZ). See http://jpmens.net/2011/04/26/how-to-configure-your-bind-resolvers-to-lie-using-response-policy-zone

Re: NXDOMAIN redirection in BIND 9.9

2011-09-30 Thread Jan-Piet Mens
> *except that perhaps those who enable this feature will use it as an > excuse to avoid enabling validation, which would be a very bad result +1 +1 A *very* bad result. -JP

Re: NXDOMAIN redirection in BIND 9.9

2011-09-29 Thread SM
At 14:52 29-09-2011, Michael Graff wrote: We came to the conclusion that no matter how much we wanted it to not be true, people find a way to do NXDOMAIN if they want to. The issue is not ours to push, it's between the ISP and the customer ultimately, and people will do it -- and more intrusiv

Re: Re: NXDOMAIN redirection in BIND 9.9

2011-09-29 Thread 刘明星:)
How does an ISP use a proxy to filter answers and return whatever they want to the customer? Mingxing, Liu CNNIC liumingx...@cnnic.cn From: Michael Graff Sent: 2011-09-30 05:52:48 To: owens Cc: bind-users Subject: Re: NXDOMAIN redirection in BIND 9.9 On Sep 29, 2011, at 4:06 PM, Bill

Re: NXDOMAIN redirection in BIND 9.9

2011-09-29 Thread Michael Graff
On Sep 29, 2011, at 4:06 PM, Bill Owens wrote: > I've obviously been asleep and not following along with the announcements of > new features in BIND 9.9 until today I'm happy you read it, and hope to see you at the forum/customer webinar next week! I'll be speaking, and will bring my fireproof

NXDOMAIN redirection in BIND 9.9

2011-09-29 Thread Bill Owens
I've obviously been asleep and not following along with the announcements of new features in BIND 9.9 until today. . . both Evan's blog post and the announcement of next week's webinar include NXDOMAIN redirection as the