[dnsext] Lame Server responses
Edward Lewis <Ed.Lewis@neustar.biz> Mon, 11 October 2010 14:43 UTC
Date: Mon, 11 Oct 2010 10:33:36 -0400
From: Edward Lewis <Ed.Lewis@neustar.biz>
Subject: [dnsext] Lame Server responses

It used to be that the response from a name server, in particular BIND, when it determined it was lame was to send a referral to the root. In response to a network event a few years ago, this was thought to be a bad thing because it was being used to amplify the traffic volume for some apparently malicious intent.

At that time some software developers chose to suspend the referral to the root response. Today, ISC's BIND returns a response code of REFUSED. UltraDNS code returns SERVFAIL. There's no specification for this.

One of our customers asked us what we returned when lame and we told them SERVFAIL. Paraphrasing the response: "but BIND returns REFUSED".

A question to the group. Is either SERVFAIL or REFUSED acceptable?

I am not pushing for one-or-the-other (because no one wants to change code unnecessarily), nor am I wanting to debate whether one response is better than the other. I'll note that UltraDNS internally did discuss this a long time ago and we went with SERVFAIL because we felt it was the most apt response, but that doesn't mean there were other choices.

The thing is - when we get a query that we are lame for, we want to tell the querier something that will stop them from trying again (even if just for the current query). I think both REFUSED and SERVFAIL do that.

Does it matter that there is no return code for LAME? Would an iterating resolver need to know this? (Given lameness can be fleeting, it's not a permanent state.)

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStar
You can leave a voice message at +1-571-434-5468

Ever get the feeling that someday if you google for your own life story, you'll find that someone has already written it and it's on sale at Amazon?
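
Added example, not part of the original message and not BIND or UltraDNS code: a sketch of how a resolver or delegation checker could recognise the three lame-server behaviours the message describes (REFUSED, SERVFAIL, and the older upward referral to the root) from the raw reply. It assumes the reply came from a server the parent zone lists as authoritative, since REFUSED and SERVFAIL can have other causes; the function names and the sample packets are constructed for illustration.

```python
import struct

RCODES = {2: "SERVFAIL", 5: "REFUSED"}

def skip_name(msg, off):
    """Return the offset just past the (possibly compressed) name at off."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:      # compression pointer ends the name
            return off + 2
        off += 1 + length
        if length == 0:               # root label ends the name
            return off

def classify_lame(msg):
    """Classify a reply from a server that the delegation says is authoritative."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    aa, rcode = bool(flags & 0x0400), flags & 0x000F
    if rcode in RCODES:               # the two behaviours named in the message
        return "lame:" + RCODES[rcode]
    if rcode != 0 or aa or an:        # authoritative data or an unrelated error
        return "not-lame"
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # QTYPE + QCLASS
    for _ in range(ns):               # older behaviour: NS RRset owned by "."
        owner_is_root = msg[off] == 0
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == 2 and owner_is_root:
            return "lame:root-referral"
    return "not-lame"

def qname(name):
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"

def build(flags, authority=b"", nscount=0):
    """Constructed sample reply to the question example.com. IN A."""
    hdr = struct.pack("!6H", 0x1234, flags, 1, 0, nscount, 0)
    return hdr + qname("example.com") + struct.pack("!HH", 1, 1) + authority

def ns_rr(owner, target):
    rdata = qname(target)
    return owner + struct.pack("!HHIH", 2, 1, 3600, len(rdata)) + rdata

ROOT_REFERRAL = build(0x8000, ns_rr(b"\x00", "a.root-servers.net"), 1)
DELEGATION = build(0x8000, ns_rr(b"\xc0\x0c", "ns1.example.com"), 1)
```

Either RCODE lets the caller mark the server as unusable for the current query and move to the next NS, which is the outcome the message asks for; the root-referral branch matters mainly for spotting servers that still send the larger, amplification-prone reply.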