On the internet, people set things up in all kinds of weird and terrible ways. That doesn't mean we have to encourage them.
Lots of bad practices from the past have fallen away, with some help from the IETF. Bad practices of today won't last forever either.

--Ben

________________________________
From: Petr Špaček <[email protected]>
Sent: Friday, July 25, 2025 3:23 AM
To: [email protected] <[email protected]>
Subject: [DNSOP] Re: Fwd: New Version Notification for draft-tdj-dnsop-associated-prefixes-for-domains-00.txt

On 08. 07. 25 0:58, Ben Schwartz wrote:
> I have serious concerns about proposals that would encourage blocking/
> unblocking IP addresses based on previous DNS activity. If your
> network's firewall behavior depends on the history of DNS queries, this
> creates an extreme form of stateful protocol ossification that prevents
> IP from working correctly. It's like NAT but worse, because the

Sorry to break the bad news: This is already happening even without this draft.

DoH clients which decided to unilaterally ignore system-provided resolver triggered admins to implement this (with intent to enforce local policy) for locked-down environments.

--
Petr Špaček

_______________________________________________
DNSOP mailing list -- [email protected]
To unsubscribe send an email to [email protected]
