On Mon, 09 Nov 2009 15:04:06 PST, Bill Stewart said:
> For instance, returning the IP address of your company's port-80 web
> server instead of NXDOMAIN
> not only breaks non-port-80-http applications

Remember this...

> There is one special case for which I don't mind having DNS servers
> lie about query results,
> which is the phishing/malware protection service. In that case, the
> DNS response is redirecting you to
> the IP address of a server that'll tell you
> "You really didn't want to visit PayPa11.com - it's a fake" or
> "You really didn't want to visit
> dgfdsgsdfgdfgsdfgsfd.example.ru - it's malware".
> It's technically broken, but you really _didn't_ want to go there anyway.
> It's a bit friendlier to administrators and security people if the
> response page gives you the

Returning bogus non-NXDOMAIN gives non-port-80-http apps heartburn as well.