* Stephane Bortzmeyer: > Unless I'm wrong, the I-D about lying resolvers do not discuss the > issue of zone cuts. > > If I type www.doesnotexistatall.com (the SLD does not exist and so I > should get a NXDOMAIN), I get the IP address of the ad Web server. If > I type wwww.afnic.fr, I will get this IP address as well, since the > QNAME does not exist (four 'w' instead of three) despite the fact that > the SLD does exist.
This also interacts very badly the subdomain-based web trust model, so it should be mentioned in the Security Considerations section. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
