On 8/17/21, Andrew Sullivan <[email protected]> wrote: > On Tue, Aug 17, 2021 at 01:32:35PM -0400, Viktor Dukhovni wrote: >>I am far from convinced that it is the resolvers job to enforce RDATA >>syntax restrictions beyond what is required for a valid wire form. > > I completely agree. Indeed, the history of middleboxes attempting to > enforce various kinds of restrictions is precisely what has made them > such a PITA when new features were introduced to the DNS that the > middleboxes didn't know about.
On the one hand, yes, firewalls do get in the way. On the other hand, yes, firewalls do get in the way because a firewall allows you to have a single place to enforce your security policy. I have a firewall at home, so it's clear where I stand on the matter :) Regards, Lee _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
