Unless I'm wrong, the I-D about lying resolvers does not discuss the issue of zone cuts.

If I type www.doesnotexistatall.com (the SLD does not exist and so I should get a NXDOMAIN), I get the IP address of the ad Web server. If I type wwww.afnic.fr, I will get this IP address as well, since the QNAME does not exist (four 'w' instead of three) despite the fact that the SLD does exist.

This is a very serious problem: when rewriting the NXDOMAIN of www.doesnotexistatall.com, you only harm the user. When rewriting the NXDOMAIN of wwww.afnic.fr, you harm the holder of afnic.fr as well, since the ad Web site will appear to be under this SLD.

Searching for a zone cut and not rewriting answers when there is a non-delegation domain in the path may be a solution, although I'm not sure it is possible to do it properly. (And I won't try since modifying DNS answers is a bad idea, anyway).

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
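The distinction drawn in the message above, as an added example that is not part of the original post: a measurement-side check that takes responses observed for names known not to exist and uses the closest enclosing zone cut to separate rewrites that harm only the user from rewrites that land under an existing delegation. The zone table, the TLD set, the function names and the sample responses are constructed assumptions.

```python
# Constructed data: zones the measurer has confirmed are delegated
# (assumption: obtained out of band, e.g. NS lookups over a trusted path).
KNOWN_ZONES = {"com", "fr", "afnic.fr"}
TLDS = {"com", "fr"}  # assumption: a cut at this level is a registry, not a holder

def closest_zone_cut(qname, zones=KNOWN_ZONES):
    """Return the deepest known zone enclosing qname, or None."""
    labels = qname.rstrip(".").lower().split(".")
    # Try the longest suffix first so the deepest delegation wins.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None

def classify(qname, rcode, answers, zones=KNOWN_ZONES, tlds=TLDS):
    """Classify one response for a name that is known not to exist."""
    if rcode == "NXDOMAIN" and not answers:
        return "honest"
    cut = closest_zone_cut(qname, zones)
    if cut is None or cut in tlds:
        # No delegated SLD in the path: only the querying user is misled.
        return "rewritten: harms user only"
    # The ad server now appears to live under someone else's delegation.
    return f"rewritten: also harms holder of {cut}"

def report(observations):
    """Map (qname, rcode, answers) tuples to (qname, verdict) pairs."""
    return [(q, classify(q, rc, ans)) for q, rc, ans in observations]

# Constructed observations; 192.0.2.10 is a documentation address
# standing in for the ad Web server.
SAMPLE = [
    ("www.doesnotexistatall.com", "NOERROR", ["192.0.2.10"]),
    ("wwww.afnic.fr", "NOERROR", ["192.0.2.10"]),
    ("wwww.afnic.fr", "NXDOMAIN", []),
]

if __name__ == "__main__":
    for qname, verdict in report(SAMPLE):
        print(f"{qname}: {verdict}")
```

The verdicts are only meaningful for probe names that are known not to exist, since a wildcard in the zone would also produce an answer.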