nanog mailing list archives

Re: The power of default configurations


From: "Jay R. Ashworth" <jra () baylink com>
Date: Sun, 10 Apr 2005 22:24:34 -0400


On Sun, Apr 10, 2005 at 09:15:39PM -0400, Sean Donelan wrote:
> How can we make more software "safe by default?"  Because relying on the
> user or sysadmin to make it safe isn't working.  That includes safe
> default configurations that are conservative in what they send, such as
> doing RFC1918 lookups against root name servers.  The original BIND
> from Berkeley included a "localhost" file, why not a "workgroup" file
> and an RFC1918 file?

And, to tie the thread title back in to one example of what you're
saying there, five years ago when I first saw NANOG, there might have
been a reason why you had to let forged source addresses leak through
your edge devices...

but that was five years ago.  Have manufacturers *really* not made that
item a default by now?  Have providers *really* not changed out that
equipment in five years?  I mean, this is internet time, right?

Cheers,
-- jra
-- 
Jay R. Ashworth                                                jra () baylink com
Designer                          Baylink                             RFC 2100
Ashworth & Associates        The Things I Think                        '87 e24
St Petersburg FL USA      http://baylink.pitas.com             +1 727 647 1274

      If you can read this... thank a system administrator.  Or two.  --me

