nanog mailing list archives
RE: Change to .com/.net behavior
From: "David Schwartz" <davids () webmaster com>
Date: Wed, 17 Sep 2003 10:50:38 -0700
>> I've implemented the official ISC Bind hack on every single one of my name servers and am pushing it and the configuration changes out to my customers as a *required* upgrade.

> that seems a bit extreme. shouldn't they get to decide this for themselves?

Returning NXDOMAIN when a domain does not exist is a basic requirement. Failure to do so creates security problems. It is reasonable to require your customers to fix known breakage that creates security problems.

VeriSign has a public trust to provide accurate domain information for the COM and NET zones. They have decided to put their financial interest in obscuring this information ahead of their public trust.

Microsoft, for example, specifically designed IE to behave in a particular way when an unregistered domain was entered. Verisign's wildcard record is explicitly intended to break this detection. The wildcard only works if software does not treat it as if the domain wasn't registered even though it is not. Verisign has created a business out of fooling software through failure to return a 'no such domain' indication when there is no such domain, in breach of their public trust.

As much as Verisign was obligated not to do this, others are obligated not to propagate the breakage. ISPs operate DNS servers for their customers just as Verisign operates the COM and NET domains for the public.

DS