Nicholas Weaver wrote:
>>> that happens sometimes. however, i often end up in an email conversation
>>> with
>>> a problem reporter, and i often ask them to run certain "dig" commands. so,
>>> even if i can't reach a recursive server, a feature like this can still help
>>> me.
>>
>> It may work for you if you don't receive too much wrong requests.
>>
>> For scalable management, however, what you need is call center
>> operators as a firewall.
>
> And we're already seeing today, and expect more in the future,
> systems where the front-line support instructions include
> "run a one-click or two-click tool", rather than "run dig".
It means those who can use "run a one-click or two-click tool"
have no idea on how to bypass intermediate entities, which
means call center operators as a firewall is definitely
necessary.
> As an author of such tools, I strongly support this proposal,
> as the basic philosophy of these tools are:
As I said, the basic philosophy is do it at the IP layer.
How, do you think, about ICMP reply I mentioned, which is, in
theory, required by RFC1122?
Masataka Ohta
PS
Before developing tools, you should better learn to wrap
your lines well below 72 characters.
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
