nanog mailing list archives
Re: NXDOMAIN Resolvers
From: William Herrin <bill () herrin us>
Date: Wed, 20 Apr 2022 08:42:28 -0700
On Wed, Apr 20, 2022 at 8:39 AM William Herrin <bill () herrin us> wrote:
On Wed, Apr 20, 2022 at 8:00 AM Antonia Affinito <antoniaaffinito12 () gmail com> wrote:I noticed that, in case of a malicious domain name, some local resolvers send an NXDOMAIN and others a courtesy page address. Do you know if the resolvers (for example TIM, Wind or Fastweb) can return an NXDomain in order to protect their clients?From a network engineering perspective, any resolver that responds to an authoritative NXDOMAIN by generating an address for a courtesy page -is- the malicious actor. Doubly so if they lie about the DNSSEC status in the response.
Nevermind; I misunderstood your question. The domain name exists but the resolver has blocked it. How should the resolver alter its response: NXDOMAIN or the IP address of a courtesy web page explaining the block. Regards, Bill Herrin -- William Herrin bill () herrin us https://bill.herrin.us/
Current thread:
- NXDOMAIN Resolvers Antonia Affinito (Apr 20)
- Re: NXDOMAIN Resolvers William Herrin (Apr 20)
- Re: NXDOMAIN Resolvers William Herrin (Apr 20)
- Re: NXDOMAIN Resolvers Matthew Pounsett (Apr 20)
- RE: NXDOMAIN Resolvers Brian Turnbow via NANOG (Apr 20)
- Re: NXDOMAIN Resolvers Thomas Mieslinger (Apr 21)
- Re: NXDOMAIN Resolvers William Herrin (Apr 20)