To:
dnsop@cafax.se
From:
"D. J. Bernstein" <djb@cr.yp.to>
Date:
8 Aug 2003 21:07:29 -0000
Automatic-Legal-Notices:
See http://cr.yp.to/mailcopyright.html.
Content-Disposition:
inline
Sender:
owner-dnsop@cafax.se
Subject:
Re: scope
Rob Austein writes: > Think, for example, about a hypothetical firewall product that blocks > inbound recursive responses: this doesn't hurt the outside world so > long as the well-known address points to something inside the firewall, > but what happens if the well-known address route gets hosed? Oops. The administrator who sets up that firewall, but neglects to set up DNS service inside it, will find that his clients can't browse the web. This is exactly the behavior I'd expect. Why do you say ``Oops''? What's the big deal? Do you also worry when people set up DNS caches that are firewalled away from the root servers? Do you realize that the DNS root server addresses are ``well-known addresses''? ---D. J. Bernstein, Associate Professor, Department of Mathematics, Statistics, and Computer Science, University of Illinois at Chicago #---------------------------------------------------------------------- # To unsubscribe, send a message to <dnsop-request@cafax.se>.