Re: [DNSOP] Review of draft-livingood-dns-redirect-00

Andreas Gustafsson <gson@araneus.fi> Thu, 16 July 2009 08:50 UTC

Stephane Bortzmeyer wrote:
> I regret one thing with SSAC 032: they mix wildcards in the zone and
> lying resolvers. True, they have similarities but also differences
> (for instance, wildcards in a zone follow the DNS protocol, and
> therefore are compatible with DNSSEC) and I'm a bit tired of Slashdot
> discussions starting with "Comcast == Sitefinder".

Another difference compared to Site Finder is that while Site Finder
only added wildcards to the zones of certain top-level domains, "web
error redirection" as described in the draft effectively behaves as if
a wildcard had been added to every single zone in the DNS, not just
every TLD but also the root zone and every zone delegated from the
TLDs, including your own zones.  This is indeed not just Site Finder
all over again - it's far worse, and breaks far more applications than
Site Finder did.
-- 
Andreas Gustafsson, gson@araneus.fi