On Tue, 26 May 2015, Paul Vixie wrote:
i agree with ruben. i know of a lot of local uses of HOME, CORP, and
LOCAL, where non-dotless names inside some network perimeter have local
meaning. i know of no instance of MAIL being used that way.
How do 15 year old OSes and applications implement and interact for
"search domains"?
The answer is "very differently and often very wrongly".
Are we sure that an application querying "mail" will still end up
receiving an A record for mail.corp.com. when mail. is delegated?
yes. i wrote a lot of the 15-year-old code in question. (actually some
of it is 25 years old.) NOERROR vs. NXDOMAIN doesn't matter. all that
matters is that there is no AAAA or A RR at "MAIL.", and that's already
a rule, so what we're discussing here (your mail.corp.com example) will
not be impacted.
your example is spot-on when it comes to CORP, HOME, or LOCAL, or to
dotless domains, but not to *.MAIL.
OLD:
1) some stupid application asks for "mail"
2) some resolver library interprets this as unqualified (maybe because
it did not resolve from the root), adds its own search domain ".example.com"
and re-queries.
3) resolver finds IP for mail.example.com and returns it
4) stupid application happy
NEW:
1) some stupid application asks for "mail"
2) same resolver library, now finding mail exists, does not add
search domain ".example.com" and returns NXDOMAIN.
3) stupid application fails
No, i do not know how common or uncommon or important/unimportant this
is. We would only know once this fails.
Paul
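
The OLD/NEW scenario above can be modelled in a few lines. This is an added example, not code from the thread or from any resolver library: the three policy labels are hypothetical, and the zone data (`mail.example.com.` at `192.0.2.25`) is constructed. It compares what each policy returns for the unqualified name "mail" before and after a `mail.` TLD with no address record at its apex is delegated.

```python
# Toy model of search-list handling for the unqualified name "mail".
# All names, addresses and policy labels are constructed for illustration.
A_RECORDS = {"mail.example.com.": "192.0.2.25"}  # TEST-NET-1 address
SEARCH = ["example.com."]

def lookup(qname, delegated_tlds):
    """Answer an A query: (rcode, address or None)."""
    if qname in A_RECORDS:
        return "NOERROR", A_RECORDS[qname]
    if qname in delegated_tlds:
        # The TLD exists but has no A/AAAA at its apex: NOERROR with no data.
        return "NOERROR", None
    return "NXDOMAIN", None

def resolve(name, delegated_tlds, policy):
    """Resolve an unqualified name under one of three hypothetical policies.

    search-first      : search list first, the bare name last
    asis-until-answer : bare name first, keep going until an address appears
    asis-stop-noerror : bare name first, give up if it returns NOERROR
    """
    asis = name + "."
    searched = [name + "." + suffix for suffix in SEARCH]
    order = searched + [asis] if policy == "search-first" else [asis] + searched
    for qname in order:
        rcode, addr = lookup(qname, delegated_tlds)
        if addr is not None:
            return addr
        if policy == "asis-stop-noerror" and qname == asis and rcode == "NOERROR":
            return None  # treats "name exists" as final, skips the search list
    return None

POLICIES = ("search-first", "asis-until-answer", "asis-stop-noerror")

def compare(name="mail"):
    """Return {policy: (result before delegation, result after delegation)}."""
    return {
        p: (resolve(name, set(), p), resolve(name, {name + "."}, p))
        for p in POLICIES
    }

if __name__ == "__main__":
    for policy, (before, after) in compare().items():
        print(f"{policy:18} before={before} after={after}")
```

Only the policy that stops on NOERROR for the bare name changes its answer after delegation; the other two still reach `mail.example.com.` through the search list.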