[dns-operations] Karl Auerbach on adding 'millions' more TLD - what do folks think about the operational impact?

Paul Vixie paul at vix.com
Wed Jan 10 20:41:16 UTC 2007

> The installed base of broken servers isn't that large.

i think it's in their resolver not their servers.

> It's on a relatively unpopular windows version.  Microsoft could fix
> this at any time they want by releasing the patch via Windows /
> Microsoft Update.  While this won't get all the machines fixed it
> will get the vast majority of them fixed.

easily said by us, but evidently rather hard to do by them.  this isn't a
hot security fix and thus the relatively high pain threshold for a Windows
Update has not been met by this issue (nor by the other issues like bombing
the AS112 servers with RFC1918-PTR updates.)

> There was no such update mechanism for BIND 4.  Today there
> is.  Just about all OS's support an over-the-net mechanism
> for distributing fixes.  Even BIND 4 was fixed to accept
> many-answer responses.

indeed, open source has a systemic economics advantage over proprietaryware
on this kind of thing, since there isn't much hot/cold triage going on.  but
that's changing, and besides which, there are still unupgraded BIND4 servers
out there that sysadmins are afraid to touch.

