On Apr 13, 2009, at 7:01 PM, Mark Andrews wrote:
> If an application is doing the wrong thing w.r.t. SRV records then
> fix the application. The root servers can handle A and AAAA
> queries for ".". Most caches will correctly
> negatively cache such responses.
>
> As for "MX 0 ." the sooner this gets defined as no SMTP service for
> this domain the better. The cost for changing this is only ever
> going to increase.

It may take years before a significant portion of SMTP servers
recognize root domains as meaning no service. An alternative would be
to require MX records to assert SMTP service. A positive assertion
will not impose additional burdens on root servers, but will
necessitate explicit DNS provisions to exchange SMTP messages. With
19 out of 20 messages being abusive and largely from compromised
systems, requiring a domain to assert their intent to exchange public
SMTP messages will encourage adoption without burdening root servers
with strategies sure to generate extraneous traffic beyond their
control.

SRV records have demonstrated the inability of roots to ensure
applications mitigate extraneous traffic. Expanding upon this failure
seems sure to result in a growing number of wildcard MX records
targeting roots. Negative caching of randomly spoofed domains might
not be an effective control. It seems unwise to encourage a greater
use of wildcard records that target roots.

-Doug
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop