>>> Yes, and I know why the restriction is in RFC 1884 and it
>>> is a reasonable restriction.
>>      I don't think so, IP source address is easy to forge and it does not
>>      add any meaningful protection.  DNSSEC is the only way if you want trusted
>>      responses.  therefore, i agree with enabling RES_INSECURE1 by default.
>
>Please let me check.  Mark said the restriction was reasonable, and he
>didn't say checking the source address of a DNS response provides
>better security.  In my understanding his main opinion is effects and
>compatibility against existing applications.

        correct.  i've quoted the wrong portion.

itojun

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
