>>>>> "PF" == Paul Ferguson <fergdawgs...@mykolab.com> writes:
JC>> *Every* site should run its own (preferably verifying) resolver. PF> I have no problem with that as long as they are not open resolvers Of course. Most such devices will be behind a NAT router anyway. At least for now. And I expect that when v6 is the norm, most sites will run decent firewalls on the routers -- they'll be used to the idea from the current need for NAT routing -- with incoming port 53 blocked. Or routed to an authoritative-only dns box. It would help if there were small, affordable boxen available which less technical sites can plop on their lan to do a basic task like dns. Perhaps a run-from-ram box with a line of write-locked SD cards each with a mostly-preconfigured single-purpose distribution. -JimC -- James Cloos <cl...@jhcloos.com> OpenPGP: 1024D/ED7DAEA6 _______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
