* Roland Dobbins:

> While it sounds good on phosphor, the concept of code diversity is so
> abstract, compared to the significant operational challenges and
> associated security challenges of operating separate systems
> performing the same functions (sort of), but differently, that any
> potential benefit is generally outweighed by the negative impact to
> security posture of said challenges.

In particular, running different implementations behind a load
balancer on the same public IP address can break EDNS detection by
resolvers, and crafted queries sent to a resolver can make data
unavailable to that resolver (until a timeout occurs).
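
A simplified model of the EDNS-detection failure described above, added here as an illustration and not part of the original message. It assumes a resolver that records EDNS capability per server IP with a 900-second hold-down, a round-robin balancer, and one backend that rejects the OPT record with FORMERR; all names and the address 192.0.2.53 are constructed.

```python
from dataclasses import dataclass, field
from itertools import cycle

# Constructed model: two authoritative implementations behind one public IP.
# Backend behaviours, the 900 s hold-down and all names are assumptions.

@dataclass
class Backend:
    name: str
    speaks_edns: bool

    def answer(self, query_has_opt: bool) -> dict:
        if query_has_opt and not self.speaks_edns:
            return {"rcode": "FORMERR", "opt": False}   # rejects the OPT record
        return {"rcode": "NOERROR", "opt": query_has_opt and self.speaks_edns}

@dataclass
class Resolver:
    holddown: int = 900                       # seconds an IP stays marked "no EDNS"
    no_edns_until: dict = field(default_factory=dict)

    def query(self, ip: str, backend: Backend, now: int) -> dict:
        use_edns = now >= self.no_edns_until.get(ip, 0)
        reply = backend.answer(use_edns)
        if use_edns and not reply["opt"]:
            # Capability is recorded per IP address, not per backend.
            self.no_edns_until[ip] = now + self.holddown
            reply = backend.answer(False)     # retry as plain DNS
        return {"time": now, "backend": backend.name, "edns": reply["opt"]}

def simulate(backends, seconds, step=60, ip="192.0.2.53"):
    resolver, rotation = Resolver(), cycle(backends)   # round-robin balancer
    return [resolver.query(ip, next(rotation), t) for t in range(0, seconds, step)]

def edns_consistent(backends) -> bool:
    """Pre-deployment check: every backend behind one IP must agree on EDNS."""
    return len({b.speaks_edns for b in backends}) == 1

if __name__ == "__main__":
    mixed = [Backend("impl-a", True), Backend("impl-b", False)]
    for row in simulate(mixed, 1200):
        print(row)
    print("consistent:", edns_consistent(mixed))
```

In this model a single FORMERR from the non-EDNS backend downgrades every query to that address, including those that reach the EDNS-capable backend, until the hold-down expires.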