On Thu, Sep 11, 2014 at 9:46 AM, Andrew Sullivan <a...@anvilwalrusden.com> wrote:
> Also, it's not like it's terrifically onerous, although I know some
> registrars' web interfaces for this are messy and confusing.

I do think that the policies of the .is GLTD are a net harm for DNS. They require that DNS servers respond to queries they aren't authoritative for (e.g. a SERVFAIL, or a REFUSED). Besides the reflection attack risk, this also means the behavior-of-last-resort should be to respond "with an error": but I'd prefer to leave the question unanswered in case another name server for the domain does know how to serve the query. For example, if a provider booted a box with an empty configuration, it would be much better to time out queries than respond with SERVFAIL or REFUSED.

--
Colm
_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
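
The behaviours contrasted in the message above (an error reply such as SERVFAIL or REFUSED, an authoritative answer, or no reply at all) can be told apart from the DNS reply header alone. The following is an added example, not part of the original post; the function names, the `example.is` query name and the sample replies are constructed for illustration.

```python
import struct

RCODE_NAMES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(qname, qid=0x1234, qtype=2):
    """Encode a minimal DNS query (QTYPE 2 = NS, class IN, recursion not requested)."""
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def constructed_reply(query, rcode, authoritative=False):
    """Constructed sample reply: echo the question with QR set and the given RCODE."""
    flags = 0x8000 | (0x0400 if authoritative else 0) | rcode
    return query[:2] + struct.pack("!H", flags) + query[4:]

def classify_reply(query, reply):
    """Classify a server's reaction; reply is the raw UDP payload, or None on timeout."""
    result = {"behavior": "malformed", "rcode": None, "size_ratio": 0.0}
    if reply is None:
        result["behavior"] = "silent"      # the outcome the message prefers
        return result
    if len(reply) < 12 or reply[:2] != query[:2]:
        return result                      # too short, or ID does not match the query
    flags = struct.unpack("!H", reply[2:4])[0]
    if not flags & 0x8000:                 # QR bit clear: not a response
        return result
    rcode = flags & 0x000F
    if rcode in (2, 5):                    # SERVFAIL or REFUSED
        behavior = "error"
    elif flags & 0x0400 and rcode in (0, 3):   # AA bit set with NOERROR/NXDOMAIN
        behavior = "authoritative"
    else:
        behavior = "other"
    # size_ratio: bytes sent back per query byte; any reply at all goes to the
    # query's source address, which is the reflection concern raised in the message.
    return {"behavior": behavior,
            "rcode": RCODE_NAMES.get(rcode, str(rcode)),
            "size_ratio": len(reply) / len(query)}

if __name__ == "__main__":
    q = build_query("example.is")          # constructed query name
    samples = [("REFUSED", constructed_reply(q, 5)),
               ("SERVFAIL", constructed_reply(q, 2)),
               ("authoritative", constructed_reply(q, 0, authoritative=True)),
               ("timeout", None)]
    for label, reply in samples:
        print(label, classify_reply(q, reply))
```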