>>>>> On Mon, 23 Sep 2002 12:54:35 +0900,
>>>>> Jun-ichiro itojun Hagino <[EMAIL PROTECTED]> said:
>> Yes, and I know why the restriction is in RFC 1884 and it
>> is a reasonable restriction.
> I don't think so, IP source address is easy to forge and it does not
> add any meaning protection. DNSSEC is the only way if you want trusted
> responsees. therefore, i agree with enabling RES_INSECURE1 by default.
Please let me check. Mark said the restriction was reasonable, and he
didn't say checking the source address of a DNS response provide
better security. In my understanding his main opinion is effects and
compatibility against existing applications.
JINMEI, Tatuya
Communication Platform Lab.
Corporate R&D Center, Toshiba Corp.
[EMAIL PROTECTED]
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
