Re: [DNSOP] Review of draft-livingood-dns-redirect-00

Stephane Bortzmeyer <bortzmeyer@nic.fr> Tue, 14 July 2009 21:27 UTC

Date: Tue, 14 Jul 2009 23:23:19 +0200
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: Ray.Bellis@nominet.org.uk
Message-ID: <20090714212319.GC822@sources.org>
Cc: dnsop@ietf.org, "Livingood, Jason" <Jason_Livingood@cable.comcast.com>

On Mon, Jul 13, 2009 at 03:27:56PM +0100,
 Ray.Bellis@nominet.org.uk <Ray.Bellis@nominet.org.uk> wrote 
 a message of 51 lines which said:

> At least when you do it on your recursive servers you're only affecting 
> your own customers, who in most cases can vote with their wallets when 
> they don't like it.

No, as I explained here:

If I type www.doesnotexistatall.com (the SLD does not exist and so I
should get a NXDOMAIN), I get the IP address of the ad Web server. If
I type wwww.afnic.fr, I will get this IP address as well, since the
QNAME does not exist (four 'w' instead of three) despite the fact that
the SLD does exist.

This is a very serious problem: when rewriting the NXDOMAIN of
www.doesnotexistatall.com, you only harm the user. When rewriting the
NXDOMAIN of wwww.afnic.fr, you harm the holder of afnic.fr as well,
since the ad Web site will appear to be under this SLD.

Searching for a zone cut and not rewriting answers when there is a
non-delegation domain in the path may be a solution, although I'm not
sure it is possible to do it properly. (And I won't try since
modifying DNS answers is a bad idea, anyway).
 
> When it's done on the authoritative servers no-one has a choice :(

But at least you do not violate the DNS protocol (unlike what the DNS
lying resolvers do).
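The two cases in the message (a whole SLD that does not exist versus a missing label under an existing SLD) and the zone-cut heuristic sketched above can be modelled in a few lines. The following is an added example, not code from the message or from any real resolver. It uses a constructed miniature DNS tree, an ad-server address taken from the RFC 5737 documentation range, and a hypothetical DELEGATION_ONLY set that stands in for the knowledge of "where registrations happen" which a real implementation would need and which is the hard part Bortzmeyer points to.

```python
"""Toy model of an NXDOMAIN-rewriting ("lying") resolver.

Contrasts the naive rewrite (every NXDOMAIN becomes the ad server) with a
zone-cut-aware variant that only rewrites when no registered domain exists
anywhere above the missing name.  All data below is constructed.
"""
from typing import Optional, Tuple

AD_IP = "192.0.2.53"  # constructed ad web server address (RFC 5737 range)

# Constructed snapshot of the tree: root, two TLDs, two registered SLDs.
ZONE_CUTS = {"", "fr", "com", "afnic.fr", "example.com"}
RECORDS = {
    "afnic.fr": "192.0.2.10",
    "www.afnic.fr": "192.0.2.10",
    "example.com": "192.0.2.20",
    "www.example.com": "192.0.2.20",
}
# ASSUMPTION: zones under which anyone may register (root and TLDs here).
# In reality this is the public-suffix problem and cannot be derived from
# the DNS itself, which is why the heuristic is hard to do properly.
DELEGATION_ONLY = {"", "fr", "com"}


def normalize(qname: str) -> str:
    return qname.lower().rstrip(".")


def name_exists(name: str) -> bool:
    """A name exists if it owns data, is a zone cut, or is an empty
    non-terminal (an ancestor of some owner name)."""
    owners = set(RECORDS) | ZONE_CUTS
    if name in owners:
        return True
    suffix = "." + name
    return any(owner.endswith(suffix) for owner in owners)


def authoritative_lookup(qname: str) -> Tuple[str, Optional[str]]:
    """What an honest authoritative server would answer for an A query."""
    name = normalize(qname)
    if name in RECORDS:
        return ("NOERROR", RECORDS[name])
    if name_exists(name):
        return ("NOERROR", None)  # NODATA: name exists, no A record
    return ("NXDOMAIN", None)


def closest_encloser(name: str) -> str:
    """Longest existing ancestor of `name` (the root, "", always exists)."""
    labels = name.split(".") if name else []
    for i in range(len(labels) + 1):
        candidate = ".".join(labels[i:])
        if name_exists(candidate):
            return candidate
    return ""


def naive_lying_resolver(qname: str) -> Tuple[str, Optional[str]]:
    """Rewrites every NXDOMAIN, regardless of what exists above the name."""
    rcode, ip = authoritative_lookup(qname)
    if rcode == "NXDOMAIN":
        return ("NOERROR", AD_IP)
    return (rcode, ip)


def zonecut_aware_lying_resolver(qname: str) -> Tuple[str, Optional[str]]:
    """Rewrites only when the closest existing ancestor is a delegation-only
    zone, i.e. the whole SLD is missing and only the querying user is hit."""
    rcode, ip = authoritative_lookup(qname)
    if rcode != "NXDOMAIN":
        return (rcode, ip)
    if closest_encloser(normalize(qname)) in DELEGATION_ONLY:
        return ("NOERROR", AD_IP)
    # A registered domain (e.g. afnic.fr) sits above the missing name:
    # pass the NXDOMAIN through so the ad site never appears under it.
    return ("NXDOMAIN", None)


if __name__ == "__main__":
    for q in ("www.doesnotexistatall.com", "wwww.afnic.fr", "www.afnic.fr", "fr"):
        print(f"{q:28} honest={authoritative_lookup(q)} "
              f"naive={naive_lying_resolver(q)} "
              f"zonecut={zonecut_aware_lying_resolver(q)}")
```

Running it shows the naive resolver handing out AD_IP for both www.doesnotexistatall.com and wwww.afnic.fr, while the zone-cut-aware variant rewrites only the first and returns a genuine NXDOMAIN for the typo under afnic.fr. The weak point is DELEGATION_ONLY: replace the toy TLD set with real-world suffixes such as the various second-level registries and the decision is no longer derivable from DNS data alone, which is the "not sure it is possible to do it properly" caveat in concrete form.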