Re: [dnsext] WG opinion on draft : Improvements to DNS Resolvers, for Resiliency, Robustness, and Responsiveness

[Paul Vixie <vixie@isc.org>]

> From: Florian Weimer <fweimer@bfk.de>
> Date: Wed, 23 Feb 2011 15:48:24 +0000
> 
> > who is everyone?  i don't think bind or nominum or microsoft's or
> > american internet's (now cisco's) authority servers have ever sent
> > nxdomain on an empty non-terminal, and for a long time that was 100%
> > of the market.
> 
> The handling of empty non-terminals was changed in BIND 9.2.3,
> probably prompted by the standardization work on DNSSECbis.  According
> to the CHANGES file, this is RT #4715 in your bug tracker.

as marka has explained, this was a dnssec protocol bug, which bind9 tracked.

> > nlnetlabs nsd and verisign atlas both understood the spec in this
> > regard also.
> 
> Actually, ATLAS sent NXDOMAIN instead of NODATA for existing,
> non-delegated names with a missing RRset (that is, empty terminals) at
> one point in the not too-distant past.  I don't remember if they
> implemented the old BIND behavior, too, but it would be odd to send
> NXDOMAIN for empty terminals, and NODATA for empty non-terminals.
---
> Off-list, I was told that my terminology is off, which is true.
> Please read "empty RRsets" for "empty terminals".

either way this is unrelated to empty nonterminals, which atlas never had
to deal with anyway, i should not have mentioned it.

---

> Date: Wed, 23 Feb 2011 12:52:56 -0400
> From: Brian Dickson <brian.peter.dickson@gmail.com>
> ...
> - it shows that regardless of deployment scope, there should be
> pressure to fix broken deployments, rather than to ankylose (rigidly
> anchor, forever) that broken-ness into the specifications (IMHO)

right.