nanog mailing list archives

Re: Hey, SiteFinder is back, again...

From: "Steven M. Bellovin" <smb () cs columbia edu>
Date: Tue, 6 Nov 2007 13:19:30 +0000


On Mon, 5 Nov 2007 23:46:08 -0800
"Christopher Morrow" <christopher.morrow () gmail com> wrote:


On 11/5/07, Eliot Lear <lear () cisco com> wrote:


Cough.  So, how much is that NXDOMAIN worth to you?


So, here's the problem really... NXDOMAIN is being judged as a
'problem'. It's really only a 'problem' for a small number of
APPLICATIONS on the Internet. One could even argue that in a
web-browser the 'is nxdomain a problem' is still up to the browser to
decide how best to answer the USER of that browser/application. Many,
many applications expect dns to be the honest broker, to let them know
if something exists or not and they make their minds up for the upper
layer protocols accordingly.

DNS is fundamentally a basic plumbing bit of the Internet. There are
things built around it operating sanely and according to generally
accepted standards. Switching a behavior because you believe it to be
'better' for a large and non-coherent population is guaranteed to
raise at least your support costs, if not your customer-base's ire.
Assuming that all the world is a web-browser is at the very least
naive and at worst wantonly/knowingly destructive/malfeasant.

MarkA and others have stated: "Just run a cache-resolver on your local
LAN/HOST/NET", except that's not within the means of
joe-random-sixpack, nor is it within the abilities of many
enterprise/SMB folks, talking from experience chatting up misbehaving
enterprise/banking/SMB customers first hand. What's to keep the ISP
from answering: provider-server.com when they ask for Yahoo.com or
Google.com or akamai-deployed-server.com aside from (perhaps) a threat
of lawyers calling?


Hey -- I can so run a cache/resolver...

More seriously: you're right; most people can't and won't.  But a
majority of customers in that space are using small NATs.  Those
certainly can; in fact, they often do.  It's just that today, they
simply talk to their upstreams, rather than starting from the root and
going down.


                --Steve Bellovin, http://www.cs.columbia.edu/~smb

Current thread:

Re: Hey, SiteFinder is back, again..., (continued)
- - - Re: Hey, SiteFinder is back, again... Phil Regnauld (Nov 05)
    - Re: Hey, SiteFinder is back, again... David Lesher (Nov 05)
    - Re: Hey, SiteFinder is back, again... David Conrad (Nov 05)
    - Re: Hey, SiteFinder is back, again... Steven M. Bellovin (Nov 05)
    - Re: Hey, SiteFinder is back, again... David Conrad (Nov 05)
    - Re: Hey, SiteFinder is back, again... Tim Wilde (Nov 05)
    - Re: Hey, SiteFinder is back, again... Bora Akyol (Nov 05)
    - Re: Hey, SiteFinder is back, again... David Conrad (Nov 05)
    - Re: Hey, SiteFinder is back, again... Eliot Lear (Nov 05)
    - Re: Hey, SiteFinder is back, again... Christopher Morrow (Nov 05)
    - Re: Hey, SiteFinder is back, again... Steven M. Bellovin (Nov 06)
    - Re: Hey, SiteFinder is back, again... Barry Shein (Nov 06)
    - Re: Hey, SiteFinder is back, again... Mark Andrews (Nov 05)
    - Re: Hey, SiteFinder is back, again... David Conrad (Nov 05)
    - Re: Hey, SiteFinder is back, again... Mark Andrews (Nov 05)
    - Re: Hey, SiteFinder is back, again... David Conrad (Nov 05)
    - Re: Hey, SiteFinder is back, again... Stephane Bortzmeyer (Nov 05)
    - Re: Hey, SiteFinder is back, again... D'Arcy J.M. Cain (Nov 05)
    - Re: Hey, SiteFinder is back, again... Stefan Bethke (Nov 05)
    - RE: Hey, SiteFinder is back, again... Frank Bulk - iNAME (Nov 06)
    - Re: Hey, SiteFinder is back, again... Patrick W. Gilmore (Nov 05)

(Thread continues...)