[dns-operations] Fighting the Open Recursive Nameserver or not?

Mike Hoskins (michoski) michoski at cisco.com
Fri Mar 29 17:02:35 UTC 2013

-----Original Message-----
From: Stephane Bortzmeyer <bortzmeyer at nic.fr>
Organization: NIC France
Date: Friday, March 29, 2013 3:50 AM
To: "dns-operations at lists.dns-oarc.net" <dns-operations at lists.dns-oarc.net>
Subject: [dns-operations] Fighting the Open Recursive Nameserver or not?

>I thought that everyone was convinced of the need to close ORN (RFC
>5358) but apparently not:

I read that and gasped, wish it was 4/1.

The notion of not doing what we can now because other vectors exist seems
like letting best be the enemy of good.  Of course the notion is
illogical.  If his argument was based on logic, he would support not
applying any security patches, doing administration over telnet, running
small services, etc.  After all, I used to think being able to tell when
my friends were logged into their shell servers was "open internet".

The SUV reference made me think.  In the automobile world, 100mpg
carburetors and electric vehicles were researched and possible long before
oil lobbyists allowed them to become mainstream.  Now that they are,
they're dramatically overpriced since companies are focussed on profit vs
doing good. This is a mess compared to the Internet, where doing something
like closing an ORN is straightforward and cheaper than not acting and
serving as a reflector.

"Keep calm, and cary on."

More information about the dns-operations mailing list