Re: [dnsext] MaraDNS and NXDOMAIN/NOERROR on non-terminal nodes
"John R. Levine" <johnl@iecc.com> Sat, 23 April 2011 21:08 UTC
Return-Path: <johnl@iecc.com>
X-Original-To: dnsext@ietfc.amsl.com
Delivered-To: dnsext@ietfc.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfc.amsl.com (Postfix) with ESMTP id 343F1E068B for <dnsext@ietfc.amsl.com>; Sat, 23 Apr 2011 14:08:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -109.078
X-Spam-Level:
X-Spam-Status: No, score=-109.078 tagged_above=-999 required=5 tests=[AWL=2.121, BAYES_00=-2.599, HABEAS_ACCREDITED_SOI=-4.3, RCVD_IN_BSP_TRUSTED=-4.3, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([208.66.40.236]) by localhost (ietfc.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hLA0688nWoWM for <dnsext@ietfc.amsl.com>; Sat, 23 Apr 2011 14:08:09 -0700 (PDT)
Received: from gal.iecc.com (gal.iecc.com [64.57.183.53]) by ietfc.amsl.com (Postfix) with ESMTP id 4D277E0686 for <dnsext@ietf.org>; Sat, 23 Apr 2011 14:08:08 -0700 (PDT)
Received: (qmail 55047 invoked from network); 23 Apr 2011 21:08:06 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:vbr-info:user-agent:cleverness; s=d706.4db33fb6.k1104; i=johnl@submit.iecc.com; bh=Hrk7ZSHqxp5E+lJ8GrYZtTHvgyl3rw9VxgsObaFvVf0=; b=cUWGR0CTtUUrTPAbKM2ENM7rxllIdDhBh/0yy7hHUp0ecs1+GkOTSgmyTHh0u9pYrBVxVVVW2hg+/W5B6SPAuixmNaiJetHKonGJjMnjb1I5HaizzCV5tEr8z22nQTUl5yiyAOtQaT9uYQEvjcSO3G2ajZmapJV6TlU3wxxVB5A=
VBR-Info: md=iecc.com; mc=all; mv=dwl.spamhaus.org
Received: (ofmipd johnl@64.57.183.62) with (DHE-RSA-AES256-SHA encrypted) SMTP; 23 Apr 2011 21:07:43 -0000
Date: Sat, 23 Apr 2011 17:08:00 -0400
Message-ID: <alpine.BSF.2.00.1104231702040.22305@joyce.lan>
From: "John R. Levine" <johnl@iecc.com>
To: Sam Trenholme <strenholme.usenet@gmail.com>
In-Reply-To: <BANLkTimgkfQFx8ocrXjv7UFjhCzenwDhKw@mail.gmail.com>
References: <BANLkTimgkfQFx8ocrXjv7UFjhCzenwDhKw@mail.gmail.com>
User-Agent: Alpine 2.00 (BSF 1167 2008-08-23)
Cleverness: None detected
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format="flowed"; charset="US-ASCII"
Cc: dnsext@ietf.org
Subject: Re: [dnsext] MaraDNS and NXDOMAIN/NOERROR on non-terminal nodes
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 23 Apr 2011 21:08:10 -0000
> Please update http://tools.ietf.org/html/draft-vixie-dnsext-resimprove-00 > appropriately. Particularly with IPv6 rDNS, the wrongness of returning NXDOMAIN for an empty node with other nodes below it is no longer harmless. I'm working to fix rbldnsd, you can fix maradns. It's an open question whether people will fix rbldnsd, or we'll just give up on it, since it's unlkely ever to handle EDNS0 or DNSSEC either. By the way, telling people "you're wrong, change it because it's hard for me to fix" is rarely a winning strategy. Within a day of my asking the djbdns list how hard it would be to fix tinydns, someone had an approximate fix for it. It's not that hard, you put dummy entries in your hash where the noerror responses need to be. Regards, John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. http://jl.ly
- [dnsext] MaraDNS and NXDOMAIN/NOERROR on non-term… Sam Trenholme
- Re: [dnsext] MaraDNS and NXDOMAIN/NOERROR on non-… John R. Levine
- Re: [dnsext] MaraDNS and NXDOMAIN/NOERROR on non-… Sam Trenholme
- Re: [dnsext] MaraDNS and NXDOMAIN/NOERROR on non-… Edward Lewis
- Re: [dnsext] MaraDNS and NXDOMAIN/NOERROR on non-… Marc Lampo
- Re: [dnsext] MaraDNS and NXDOMAIN/NOERROR on non-… Paul Vixie
- Re: [dnsext] MaraDNS and NXDOMAIN/NOERROR on non-… Edward Lewis
- Re: [dnsext] MaraDNS and NXDOMAIN/NOERROR on non-… Hugo Salgado
- Re: [dnsext] MaraDNS and NXDOMAIN/NOERROR on non-… Edward Lewis
- Re: [dnsext] MaraDNS and NXDOMAIN/NOERROR on non-… Paul Vixie