nanog mailing list archives

Re: What DNS Is Not

From: David Conrad <drc () virtualized org>
Date: Thu, 26 Nov 2009 13:38:48 -0800

Dan,

On Nov 26, 2009, at 10:25 AM, Dan White wrote:

On 26/11/09 07:37 -0800, David Conrad wrote:

There are folks on this list who work for ISPs which are doing wildcards/synthesis/etc.  They (or, more likely their 
management) can tell you there are obvious business reasons why they do wildcards/synthesis/etc.  Perhaps I'm overly 
cynical, but I suspect that until those business reasons go away, shining a flash light will probably just result in 
more ISPs implementing wildcards/synthesis/etc.


That's a disagreement we'll have to have. Anytime this issue has been brought
up in a public setting (here, slashdot, etc.) has resulted in terrible press
and even corrective action. In particular, Network Solutions' attempt to
at this at the .com level was corrected.


Right.  And since then, ICANN has contractually disallowed gTLD registries from doing SiteFinder like services (unless 
they can demonstrate such a service won't have a negative security/stability impact).  However, as I said, ICANN has no 
control over what ccTLDs do and there are 12 doing wildcards/synthesis/NXDOMAIN redirection/etc. as I type this, namely:

CG (Congo) -- Web redirects to the registry website to register a .CG domain.
KR (South Korea) -- If it is a non IDNA-encoded IDN, converts to IDNA. For ASCII, generates a “fake” page-not-found 
error for web requests.
NU (Niue) -- Web requests solicit you to register the domain.
PH (Philippines) -- Web requests solicit you to register the domain.
PW (Palau) -- File not found error. Uses an invalid SSL certificate.
RW (Rwanda) -- Connection time out (wildcard site is down)
ST (Sao Tome) -- Web requests solicit you to register the domain. Uses an invalid SSL certificate.
TK (Tokelau) -- Connection refused (wildcard site is down)
VG (Virgin Is., UK) -- Web requests solicit you to register the domain.
VN (Viet Nam) -- Web requests solicit you to register the domain.
WS (Samoa) -- Web requests solicit you to register the domain.
CN (China) -- Uses synthesis for IDN labels. Returns NXDOMAIN for ASCII labels.

However, that's different than what I thought we were talking about.  I thought we were talking about ISPs doing 
wildcards/synthesis/NXDOMAIN redirection/etc.  There are a number of ISPs that do this, some of which are quite well 
known (there is even an Internet Draft on the techniques, see 
http://tools.ietf.org/html/draft-livingood-dns-redirect-00).  Pretty large flash light...

Regards,
-drc

Current thread:

Re: What DNS Is Not, (continued)
- - - Re: What DNS Is Not Jorge Amodio (Nov 25)
    - Re: What DNS Is Not Mark Andrews (Nov 25)
    - Re: What DNS Is Not Dan White (Nov 25)
    - Re: What DNS Is Not David Conrad (Nov 25)
    - Re: What DNS Is Not Dan White (Nov 25)
    - Re: What DNS Is Not David Conrad (Nov 26)
    - Re: What DNS Is Not Dan White (Nov 26)
    - Re: What DNS Is Not Valdis . Kletnieks (Nov 26)
    - Re: What DNS Is Not Dobbins, Roland (Nov 26)
    - Re: What DNS Is Not Eric Brunner-Williams (Nov 26)
    - Re: What DNS Is Not David Conrad (Nov 26)
    - Re: What DNS Is Not bmanning (Nov 25)
    - Re: What DNS Is Not Jorge Amodio (Nov 25)
    - Re: What DNS Is Not Mark Andrews (Nov 25)
    - Re: What DNS Is Not Michael Peddemors (Nov 25)
    - Re: What DNS Is Not Paul Vixie (Nov 25)
    - Re: What DNS Is Not David Conrad (Nov 26)
    - Re: What DNS Is Not Paul Vixie (Nov 26)
    - Re: What DNS Is Not David Conrad (Nov 26)
    - Re: What DNS Is Not Paul Vixie (Nov 26)
    - Re: What DNS Is Not Florian Weimer (Nov 26)

(Thread continues...)