E. ALLEN SMITH writes:
I see your difficulty. It is an additional one with respect to anonymous accounts. Hmm... you could put the burden on other ISPs by only having anonymous accounts via telnet access - and not accepting such from k12.edu domains. Bit of a limit, though.
1) New .edu registrations are restricted to colleges, but you have rogues like sidwell.edu (Chelsea's Quaker school), plus the odd 17-year-old attending college like I did.

2) .k12.STATE.us is safe enough to restrict, except that some people are staff members who will be unhappy.

Of course, those people can just change their DNS so it responds to a PTR request with a.root-servers.net. So naturally you don't let the students manage your servers (although frankly, the staff members have little time or knowledge to do it themselves; most would be happy to find a trustworthy student). Even so, said smart student will discover that it's possible to spoof the DNS by spamming a client with responses. That's particularly easy since the source of the packet will likely be the same subnet as the smart student. You can't use the DNS for authentication of any type, particularly if a Damoclean CDA is hanging over your head.

-russ <nelson@crynwr.com>    http://www.crynwr.com/~nelson
Crynwr Software   | Crynwr Software sells packet driver support | PGP ok
11 Grant St.      | +1 315 268 1925 voice | It's no mistake to err on
Potsdam, NY 13676 | +1 315 268 9201 FAX   | the side of freedom.
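The point about PTR records in the message above, as an added example that is not part of the original post: a domain block keyed on the reverse-DNS name trusts data published by whoever holds the address block. The host names, addresses and the `BLOCKED_SUFFIXES` policy are constructed for illustration, and the lookups are in-memory tables so the sketch runs offline.

```python
# Constructed sample records (not real DNS data).
# The reverse zone is edited by whoever holds the address block;
# the forward zone is edited by whoever owns the name.
PTR = {
    "192.0.2.10": "lab1.example.k12.ny.us",  # honest reverse entry
    "192.0.2.66": "a.root-servers.net",      # PTR changed to dodge the block
}
A = {
    "lab1.example.k12.ny.us": {"192.0.2.10"},
    "a.root-servers.net": {"198.51.100.4"},   # constructed address
}

BLOCKED_SUFFIXES = (".k12.ny.us",)  # hypothetical site policy


def ptr_only_allows(ip):
    """Block list keyed on the PTR name alone, as discussed in the thread."""
    name = PTR.get(ip, "")
    return not name.endswith(BLOCKED_SUFFIXES)


def forward_confirmed_name(ip):
    """Return the PTR name only if that name's own A records list this address."""
    name = PTR.get(ip)
    if name and ip in A.get(name, set()):
        return name
    return None


def fcrdns_allows(ip):
    """Assumed policy: a client whose name cannot be confirmed is refused."""
    name = forward_confirmed_name(ip)
    return name is not None and not name.endswith(BLOCKED_SUFFIXES)


if __name__ == "__main__":
    for ip in sorted(PTR):
        print(ip, PTR[ip],
              "ptr-only:", ptr_only_allows(ip),
              "forward-confirmed:", fcrdns_allows(ip))
```

Forward confirmation only catches a PTR that claims a name its publisher does not control. It does nothing about forged responses reaching the resolver, and an address holder can still publish matching forward and reverse records under a name of their own, so the post's conclusion that DNS is not an authenticator stands.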