Re: [DNSOP] Review of draft-livingood-dns-redirect-00
Unless I'm wrong, the I-D about lying resolvers does not discuss the issue of zone cuts.

If I type www.doesnotexistatall.com (the SLD does not exist and so I should get an NXDOMAIN), I get the IP address of the ad Web server. If I type wwww.afnic.fr, I will get this IP address as well, since the QNAME does not exist (four 'w' instead of three) despite the fact that the SLD does exist.

This is a very serious problem: when rewriting the NXDOMAIN of www.doesnotexistatall.com, you only harm the user. When rewriting the NXDOMAIN of wwww.afnic.fr, you harm the holder of afnic.fr as well, since the ad Web site will appear to be under this SLD.

Searching for a zone cut and not rewriting answers when there is a non-delegation domain in the path may be a solution, although I'm not sure it is possible to do it properly. (And I won't try since modifying DNS answers is a bad idea, anyway).

___
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Re: [DNSOP] Review of draft-livingood-dns-redirect-00
> This is a very serious problem: when rewriting the NXDOMAIN of
> www.doesnotexistatall.com, you only harm the user. When rewriting the
> NXDOMAIN of wwww.afnic.fr, you harm the holder of afnic.fr as well,
> since the ad Web site will appear to be under this SLD.

Not only is this a very good point, but it doesn't just apply at the SLD level. ICANN will be selling vanity TLDs someday soon, and it'll be necessary to think about www.doesnotexistatall.ebay and .amazon and .google and so forth. Rewriting NXDOMAIN under *any* zone cut, not just the SLD zone cut, could harm a domain owner.

--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.

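Added example, not part of either message or of the draft: a small audit helper that reports whose name would be impersonated if a given NXDOMAIN were rewritten. It relies on the SOA owner name that an authoritative negative answer carries in its authority section (RFC 2308) to identify the zone that denied the name; the `Response` record, the `PUBLIC_SUFFIXES` set and all sample answers are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed for the example: zones that delegate names to the public.
# A vanity TLD such as "ebay" is deliberately NOT in this set.
PUBLIC_SUFFIXES = {"com", "fr"}

def labels(name):
    """Split a domain name into lower-case labels; the root is ()."""
    name = name.rstrip(".").lower()
    return tuple(name.split(".")) if name else ()

def is_within(name, zone):
    """True when `name` is at or below `zone`, compared label by label."""
    n, z = labels(name), labels(zone)
    return len(z) <= len(n) and n[len(n) - len(z):] == z

@dataclass
class Response:          # hypothetical, simplified view of a DNS answer
    qname: str
    rcode: str           # "NXDOMAIN", "NOERROR", ...
    soa_owner: str       # owner name of the SOA in the authority section

def rewrite_impact(resp, public_suffixes=PUBLIC_SUFFIXES):
    """Return (who is affected, denying zone) if this answer were rewritten."""
    if resp.rcode != "NXDOMAIN":
        return ("not-nxdomain", None)
    if not is_within(resp.qname, resp.soa_owner):
        return ("invalid-soa", None)      # SOA is not an ancestor of QNAME
    zone = ".".join(labels(resp.soa_owner))
    if zone == "" or zone in public_suffixes:
        return ("user-only", zone or ".")  # no delegated holder in the path
    return ("zone-holder", zone)           # the ad site appears under this zone

# Constructed sample answers mirroring the cases discussed in the thread.
SAMPLES = [
    Response("www.doesnotexistatall.com", "NXDOMAIN", "com"),
    Response("WWWW.AFNIC.FR.", "NXDOMAIN", "afnic.fr."),
    Response("www.doesnotexistatall.ebay", "NXDOMAIN", "ebay"),
    Response("www.notafnic.fr", "NXDOMAIN", "afnic.fr"),  # suffix, not ancestor
    Response("www.afnic.fr", "NOERROR", "afnic.fr"),
]

def audit(samples=SAMPLES):
    """Map each sample QNAME to its rewrite impact."""
    return {r.qname: rewrite_impact(r) for r in samples}

if __name__ == "__main__":
    for qname, impact in audit().items():
        print(f"{qname:32} {impact}")
```

The label-by-label comparison matters: a plain string suffix test would wrongly place www.notafnic.fr under afnic.fr.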
Re: [DNSOP] Review of draft-livingood-dns-redirect-00
It seems inappropriate for the IETF to bless lying resolvers as a Best Current Practice. I doubt we as a community could have consensus on when lying is good, when it is neutral, and when it is bad. Without such agreement, we can't agree on how to run such servers.

Having said that, the publication of a document such as this (with more input from the community) as an Informational RFC could indeed help the Internet.

--Paul Hoffman, Director
--VPN Consortium