Re: [dnsext] Fwd: djb on NXDOMAIN/NODATA for non-terminals
Florian Weimer <fweimer@bfk.de> Tue, 29 March 2011 09:23 UTC
To: Paul Vixie <vixie@isc.org>
From: Florian Weimer <fweimer@bfk.de>
Date: Tue, 29 Mar 2011 09:25:05 +0000
Cc: dnsext@ietf.org
Subject: Re: [dnsext] Fwd: djb on NXDOMAIN/NODATA for non-terminals

* Paul Vixie:

> i don't think so. nobody is querying interstitial names from an rbl so
> even if there were millions of rbldnsd servers running on autopilot it
> would not have an operational effect.

Will this remain true if ISC changes BIND to synthesize NXDOMAIN
responses for children of names already known to not exist?

In many cases, it will not be too difficult to reflect a query for the
non-terminal through the MTA, and after that, the blacklist is
partially bypassed. So I wouldn't be surprised if such queries turned
somewhat popular, suddenly.

And regarding the idea of a new EDNS option---we already have plenty
of NXDOMAIN signalling in the form of NSEC(3) records. We just have
to agree to use it. What's worse, it seems to me that past experience
shows that EDNS options cause interoperability issues, too.

-- 
Florian Weimer <fweimer@bfk.de>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99
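
The interaction raised in the message above, modelled as an added example that is not part of the original message or of any project's code: a toy resolver cache with optional NXDOMAIN synthesis for children of cached nonexistent names, in front of a hypothetical authoritative server that answers an empty non-terminal with either NXDOMAIN or NODATA. The zone `bl.example`, its single entry and all function names are constructed for illustration.

```python
# Constructed DNSBL zone: 127.0.0.2 is listed, stored in reversed-octet form.
ZONE = {"2.0.0.127.bl.example": "127.0.0.2"}

def authoritative(qname, ent_is_nxdomain):
    """Hypothetical authoritative server; the flag selects how it answers
    an empty non-terminal (a name with descendants but no records)."""
    if qname in ZONE:
        return "NOERROR"
    is_ent = any(owner.endswith("." + qname) for owner in ZONE)
    if is_ent and not ent_is_nxdomain:
        return "NODATA"       # the name exists, it just has no records
    return "NXDOMAIN"

class Resolver:
    """Toy cache holding negative entries only (no TTLs, no positive cache)."""
    def __init__(self, ent_is_nxdomain, synthesize):
        self.ent_is_nxdomain = ent_is_nxdomain
        self.synthesize = synthesize
        self.nx = set()       # names cached as nonexistent

    def lookup(self, qname):
        labels = qname.split(".")
        # With synthesis on, a cached NXDOMAIN for any ancestor answers the query.
        depth = len(labels) if self.synthesize else 1
        for i in range(depth):
            if ".".join(labels[i:]) in self.nx:
                return "NXDOMAIN"
        rcode = authoritative(qname, self.ent_is_nxdomain)
        if rcode == "NXDOMAIN":
            self.nx.add(qname)
        return rcode

def is_listed(resolver, ip):
    """DNSBL check as a mail server would do it: reverse the octets, look up."""
    qname = ".".join(reversed(ip.split("."))) + ".bl.example"
    return resolver.lookup(qname) == "NOERROR"

def scenario(ent_is_nxdomain, synthesize):
    """Query the non-terminal first, then check the listed address."""
    r = Resolver(ent_is_nxdomain, synthesize)
    r.lookup("0.0.127.bl.example")
    return is_listed(r, "127.0.0.2")

if __name__ == "__main__":
    for ent in (True, False):
        for syn in (True, False):
            print(f"ENT->NXDOMAIN={ent} synthesis={syn} listed={scenario(ent, syn)}")
```

In this model the listing is hidden only when both conditions hold: the server answers the empty non-terminal with NXDOMAIN and the resolver synthesizes from it. A server that answers NODATA for the non-terminal keeps the listing visible with synthesis enabled.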