On Sun, Feb 12, 2017 at 5:44 PM, George Michaelson <g...@algebras.org> wrote: > I have never entirely got with the people who think obscuring version > information is necessary and correct. Designing for the bad actors > presupposes they will somehow magically not attack you, simply because > you obscured the version info. > > Root ops (I may misremember) stand out in my mind as a group who have > from time to time said "we don't feel we need, or should tell you > that" > > So on the whole, I think we should explore this "what version are you" > question more, and possibly do better at flagging it. > > Having said which: people lie all the time. Either by intent, or > because they reply with information which was correct when they set > it, but has aged out.
https://puck.nether.net/~jared/version.bind.results.20160402.txt What?!!!! You don't believe that there is at least one person running version 3.14159? How 'bout "19,800yen"? Surely you don't doubt that "An Italian is COMBING his hair in suburban DES MOINES!" Still, nice to know that someone is keeping the love with a "C=64 with Final Cartridge II and 1541 discdrive" W > So even with the best of intentions, > version-flagging needs to be taken with a grain of salt. > > -G > > On Sun, Feb 12, 2017 at 9:55 PM, Woodworth, John R > <john.woodwo...@centurylink.com> wrote: >> -----Original Message----- >> From: DNSOP [mailto:dnsop-boun...@ietf.org] On Behalf Of Paul Hoffman >>> >>> On 11 Feb 2017, at 17:49, Allan Liska wrote: >>> >>> > ISC runs a monthly survey of DNS statistics: >>> > https://ftp.isc.org/www/survey/reports/current/fpdns.txt (this is from >>> > January 2017). >>> > Information about the survey is here: >>> > https://ftp.isc.org/www/survey/reports/current/survey.html >>> > Not sure how useful their data is, but they have been doing it for a >>> > long time, so they have great trending analysis. >>> >>> Do note, however, that fingerprinting DNS servers has gotten much harder >>> over time, so take the results with a very large grain of salt. For >>> example, the software that runs that survey seems to think that there >>> are no versions of BIND 9 since 9.4.0a0. >>> >> >> Thanks Paul! >> >> I was wondering about that. Figured there would be more people at least >> near the bleeding-edge. >> >> >> Thanks, >> John >> >>> --Paul Hoffman >>> >>> _______________________________________________ >>> DNSOP mailing list >>> DNSOP@ietf.org >>> https://www.ietf.org/mailman/listinfo/dnsop >> >> >> -- THESE ARE THE DROIDS TO WHOM I REFER: >> This communication is the property of CenturyLink and may contain >> confidential or privileged information. Unauthorized use of this >> communication is strictly prohibited and may be unlawful. If you have >> received this communication in error, please immediately notify the sender >> by reply e-mail and destroy all copies of the communication and any >> attachments. >> >> _______________________________________________ >> DNSOP mailing list >> DNSOP@ietf.org >> https://www.ietf.org/mailman/listinfo/dnsop > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop -- I don't think the execution is relevant when it was obviously a bad idea in the first place. This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants. ---maf _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
