BIND9 Feature Request: 'fowarders' priority & round-robin pools
Alan Clegg
alan at clegg.com
Mon Aug 24 19:16:24 UTC 2015
On 8/24/15 3:09 PM, nrgd at eml.cc wrote:
>
>
> On Mon, Aug 24, 2015, at 11:56 AM, Darcy Kevin (FCA) wrote:
>> So, if your link is saturated to the point that you can't hold up a VPN connection reliably, you fall back to an less-secure method of resolution?
>
> No.
Actually, "yes". That's pretty much exactly what you are doing.
>
>> Non-deterministic security, what a concept!
>
> Didn't take long for you to resort to childish snark to did it?
If "what a concept" is snark, then I'm one of the snarkiest people in
the world. However, he's pointing out a problem with your configuration.
>> Has it occurred to you, that you're giving the bad guys -- the ones that want to pry on your query data -- an incentive to also partially DoS your link, as a way to downgrade your query security?
>
> No, because I prefer not to waste my time with hypothetical/idle speculation.
Unfortunately, security has a lot to do with figuring out the weak
points in a configuration - that which you call "hypothetical/idle
speculation". Not good.
>> -1 on this feature request.
>
> I don't know who you are. Is that an opinion, or a project decision?
I'm with Kevin on this one. -1 on this feature request.
AlanC
--
When I do still catch the odd glimpse, it's peripheral; mere fragments
of mad-doctor chrome, confining themselves to the corner of the eye.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 561 bytes
Desc: OpenPGP digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20150824/4885c177/attachment.bin>
More information about the bind-users
mailing list