[c-nsp] rate limit dns
Dobbins, Roland
rdobbins at arbor.net
Sun Dec 29 07:10:28 EST 2013
On Dec 29, 2013, at 5:18 PM, Gert Doering <gert at greenie.muc.de> wrote:
> I might be a bit extreme on this, but I highly value the end-to-end communication nature of the Internet,
Again, causing users to utilize your recursors by default, plus Open DNS and Google DNS, and with an opt-out proviso for 'advanced' users, does not in any way inhibit their ability to access the Internet, while implementing such a policy materially contributes to the security of your user base.
I used to dread the day that a user would end up successfully suing a consumer broadband network operator due to a compromise which could've been avoided by implementing sensible, non-intrusive policies such as this one, as I thought that such a verdict would likely set a very bad precedent (literally) and do far more harm than good. More and more, though, I'm coming around to the view that some sizable damage awards are the only thing that will motivate consumer broadband network operators to use common sense and stop throwing up specious objections to entirely reasonable, lightweight default policies which do not in any way, shape, form, or fashion impact 'the end-to-end communication nature of the Internet', yet which provide welcome protections for average consumer users while at the same time not limiting more 'advanced' users.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Luck is the residue of opportunity and design.
-- John Milton
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 243 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20131229/d2d88c49/attachment.sig>
More information about the cisco-nsp
mailing list