> From: David Forrest <d...@maplepark.com> > > In any case, some naming and shaming seems appropriate. Basic > > Naming and shaming seems excessive for a "free" service.
Services that do not charge users money are often not really free. That this case might cost security instead of eyeballs should not exempt it from scrutiny or criticism. If today were 2003, if the lack of support were for the DANE types, or if primary DNSSEC service with auto-signing was supported, then maybe it would be ok. For a reductio ad absurdum example, what would you say about a free DNS secondary service that replaces your A records with others with IP addresses of an advertiser (and tiny TTLs) for 10% of requests? Done carefully, including not messing with MX and some other types, it wouldn't completely wreck a small web site. https://www.google.com/search?q=dns+hijack The important and undeniable scandal is the lack of support from registrars for DS RRs. Speaking of DNSSEC, I've been watching the graphs on http://scoreboard.verisignlabs.com/ for months with growing incredulity. How can the counts or percentages for .com and .net be growing so amazingly consistently? Where are the dips and bumps you'd expect for holidays? Why isn't there far more noise in the graphs? Vernon Schryver v...@rhyolite.com _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
