Re: draft-manning-dnssvr-criteria-01.txt

bmanning@isi.edu Mon, 06 May 1996 21:25 UTC

From: bmanning@isi.edu
Posted-Date: Mon, 6 May 1996 14:22:56 -0700 (PDT)
Message-Id: <199605062122.AA26656@zed.isi.edu>
Subject: Re: draft-manning-dnssvr-criteria-01.txt
To: Robert Elz <kre@munnari.oz.au>
Date: Mon, 06 May 1996 14:22:56 -0700
Cc: paul@vix.com, bmanning@isi.edu, ietf@CNRI.Reston.VA.US
In-Reply-To: <3127.831372105@munnari.OZ.AU> from "Robert Elz" at May 6, 96 06:41:45 pm

> 
>     Date:        Sun, 5 May 1996 22:47:34 -0700
>     From:        Paul A Vixie <paul@vix.com>
>     Message-ID:  <VIXIE.96May5224732@wisdom.vix.com>
> 
>     This isn't a misfeature of BIND, and your
>     own draft-ietf-dnsind-clarify-01.txt (section 3 and especially
>     section 3.1) enshrine the same thing that
>     draft-manning-dnssvr-criteria-01.txt is trying to say.
> 
> I'd always thought that the reason for the single interface
> requirement was to keep the packet sizes down, so multiple A
> records would not have to be included.  
> 
> Eg: point 3 "Dedicated host".  
> I had assumed this requirement was for security
> reasons - preventing other work lowers the chances of a bug in some
> other service allowing an intruder to corrupt the DNS.
> 
> kre

	Actually, both points 3 & 4 have some security implications.
	In general, it's easier to trust/secure something that has
	reduced complexity. 

 Expect -03 shortly.

-- (Pronoid) bill manning

Pronoia n: the sneaking feeling you have that others are conspiring 
behind your back to help you.