Re: [dnsext] Re: need new flag bit in EDNS, "do me no favours" (DMNF)

[Nicholas Weaver <nweaver@icsi.berkeley.edu>]

On Oct 26, 2010, at 12:34 PM, Andreas Gustafsson wrote:

> Paul Vixie wrote:
>>> From: Colm MacCárthaigh <colm@allcosts.net>
>>> Why doesn't that belong better in HTTP? The HTTP WG is probably better
>>> placed to define whatever a "web error" is.
>> 
>> if you get an nxdomain you won't be connecting to any web server anywhere.
> 
> Maybe this can't be solved by the HTTP WG, but it could be solved by
> the web browser vendors.
> 
> First of all, any improvement in "user experience" that the proponents
> of web error redirection are claiming as a justification for doing DNS
> rewriting can just as easily be implemented in the browser.  One
> difference, of course, is that any ad revenue resulting from the
> "improved experience" would then go to the browser vendor rather than
> the ISP.

In fact, this is the biggest problem with such rewriting: the browsers often DO have very good behavior on nxdomain in many cases.

EG, type in a random word into firefox.  The first thing it does is do a lookup for that word, and only after the nxdomains happen does it immediately redirect to google.


> Second, browser vendors are in a position to defend against unwanted
> DNS rewrites, by making the browsers bypass the system resolver and
> directly query a recursive DNS server operated by the vendor or a
> third party.  If enough browsers did this, NXDOMAIN rewriting in the
> DNS would not longer be profitable.

They can't do that so easily however:  the latency to third party resolvers suck, there are far too many networks that block/game outbound DNS on the packet level, and there is no solution for the 'akamai problem' [1]



[1] Well, there is.  EDNS0-client-subnet, but there are a lot here who object to that solution on religious grounds.