To: dnsop@cafax.se
From: "D. J. Bernstein" <djb@cr.yp.to>
Date: 15 Feb 2000 01:08:20 -0000
Sender: owner-dnsop@cafax.se
Subject: Re: RFC 2182 considered harmful

Illustration of the security point: www.rsa.com was recently corrupted, apparently through a break-in at one of the not-very-secure secondaries. Breaking the DNS protocol or the primaries would have taken more work.

Donald E. Eastlake 3rd writes:
> There are many uses for DNS data,

There are many uses for web-page data, but anyone who demanded that all web pages be online all the time, without regard to the costs, would be correctly branded a fool.

> name <-> address translations in viewing log files

Record the name at the time of making the log entry, in parallel with whatever else you're doing. Unlike your approach, this protects against subsequent failures of the local network.

> MX'ing to alternate servers,

Irrelevant to the sites under discussion.

> and even domain name surveys.

Silly argument. The surveyor can easily retry failing domains over a reasonable period to see which failures are persistent. Unlike your approach, this protects against failures of the surveyor's network.

> Please stop advocating poor DNS management.

Please stop making recommendations not justified by the facts.

---Dan
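
The log-time recording suggested in the message above, sketched as an added example that is not part of the original message: the reverse lookup starts when the request arrives, runs in parallel with the rest of the work, and the name is stored next to the address. `NameRecordingLog`, `sample_resolver` and the sample addresses and names are hypothetical and constructed for illustration.

```python
import socket
import time
from concurrent.futures import ThreadPoolExecutor, TimeoutError as LookupTimeout

def ptr_lookup(ip):
    """Reverse lookup through the system resolver."""
    return socket.gethostbyaddr(ip)[0]

class NameRecordingLog:
    """Hypothetical logger: keeps the address and the name seen at log time."""

    def __init__(self, resolver=ptr_lookup, timeout=2.0):
        self.resolver = resolver
        self.timeout = timeout
        self.pool = ThreadPoolExecutor(max_workers=4)
        self.entries = []

    def begin(self, ip):
        # Start the lookup immediately; the caller carries on with its work.
        return ip, self.pool.submit(self.resolver, ip)

    def finish(self, pending, message):
        ip, future = pending
        try:
            name = future.result(timeout=self.timeout)
        except (OSError, LookupTimeout):
            name = "-"  # failed or slow lookup: the address is still recorded
        stamp = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime())
        line = f"{stamp} {ip} {name} {message}"
        self.entries.append(line)
        return line

# Constructed sample data (documentation address ranges, made-up names).
SAMPLE_PTR = {"192.0.2.10": "client.example.net"}

def sample_resolver(ip):
    if ip not in SAMPLE_PTR:
        raise socket.herror(1, "Unknown host")
    return SAMPLE_PTR[ip]

if __name__ == "__main__":
    log = NameRecordingLog(resolver=sample_resolver)
    for ip in ("192.0.2.10", "198.51.100.7"):
        pending = log.begin(ip)
        # ... handle the request here while the lookup runs ...
        print(log.finish(pending, "GET /index.html"))
```

Because the address is always written and the name is only an annotation, reading the log later needs no DNS query and a failed lookup loses nothing.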