On Tue, 16 Sep 2003, Keith Moore wrote:
verisign is masking the difference between a valid domain and
NXDOMAIN for all protocols, all users, and all software.
If you read the Verisign documentation (which is quite excellent by the
way) on what they did and what they recommend you will see that they
thought about this.
In fact, the purpose of the Stubby SMTP daemon is to return a 550 for
non-existent recipient domains.
It is left as an exercise to the reader as to which is more efficient:
DNS NXDOMAIN or SMTP 550.
Although taking note of the returned IP address and reacting accordingly
is roughly equivalent to DNS NXDOMAIN. It just requires an extra step
and more importantly a patched application. Would have been nice to get
some advance notice even if there are other TLDs that have been doing
this for some time. By the way, they do mention the other TLDs in their
It is worth noting that if we are to "pass judgement against" Verisign
there are at least half-dozen other TLDs that blazed the trail. We just
overlooked them because of their size as compared to .NET and .COM.