Andrew Sullivan wrote:
> On Wed, Jan 31, 2018 at 04:15:07PM +0000, Viktor Dukhovni wrote:
>> return NXDomain is likely the best option for now. The other
>> alternative is to actually serve the expected data:
>>
>> localhost. IN A 127.0.0.1
>> localhost. IN AAAA ::1
>>
>> but I don't think that'd be better.
>
> It has the notable advantage that it's what the RFC says to do.

while i would separately be happy to outlaw queries for this name by
resolvers, i agree that actually serving and signing the data would meet
the standard of "reasonable expectations", and ought to be debated.

as to the first, i harken again to RFC 1535, which advises implementers
of host stub resolver libraries, but which adds or subtracts or modifies
no on-the-wire patterns. that's how bad behaviour is managed, and not by
mandating that my local RDNS server not answer for localhost.
--
P Vixie