
Re: [Fwd: [Asrg] Verisign: All Your ...

2003-09-18 09:16:35
On Wed, 17 Sep 2003, Keith Moore wrote:

People keep saying that something has been broken. But in fact, nothing
has been broken, except false assumptions that were false to begin with.

You're simply wrong, and there have been numerous examples of this.

Sounds like a canard.

NXDOMAIN means the domain isn't in the DNS distributed database.  It
doesn't mean that it isn't registered.

The app doesn't care whether the domain is registered.  The app cares whether
the domain exists in DNS, because using DNS to look up the address is the way
the app is designed to work.  Putting the domain in DNS is (either implicitly
or explicitly) part of the application protocol.

The app is designed incorrectly. Only mail relays are expected to be able
to route mail.

As Valdis points out, the mail server should look up the address, and upon
connecting to port 25, it finds the mail rejected. A bounce is returned,
as it should be.  A bounce would also be returned if there was nothing
listening on port 25. As it should be.  There is nothing broken by having
a wildcard, that wasn't broken before by false assumptions.

However, NXDOMAIN hasn't been
wrongly sent.  It is not the case that NXDOMAIN _MUST_ be sent. That would
preclude wildcard records.

Wildcard records make a global assertion for an entire zone.  This is not
an assertion that VeriSign is entitled to make.  VeriSign does not have the
right to make assertions about all unregistered domains in NET or COM.

I think they do.  They think they do. Other TLDs think they do.  They have
the right to insert records into .net and .com. And they have the
privilege of selling entries in those zones.  So, upon what is your
assertion based?

Further, lack of NXDOMAIN doesn't mean the record exists.  Only NXDOMAIN
has meaning.  No NXDOMAIN response means nothing.  That is the case we
have.

No, the case we have is not the lack of a response.  It is a response
containing an A record.  That A record is a lie.

No, it is a wildcard. It is no more or less a lie than any other wildcard.

Note that this is not the same problem that VeriSign is causing -
VeriSign is uniformly mis-representing the COM and NET registries and
mis-reporting NXDOMAIN error conditions for these zones as successful
queries, which is not the same thing as producing inconsistent results
depending on who is asking.  But it does relate to the question of
whether the DNS is the authority for DNS name information or just a way
of obtaining the information.

It is not _mis-reporting_ anything.

That is precisely what it is doing.

You have yet to explain how it is misreporting anything.  It is in fact
reporting that the domain is available for purchase. How is that
misreporting?

Other TLDs have been doing this for a long time. What are they
misreporting?

                --Dean
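The whole thread turns on the difference between an NXDOMAIN response (RCODE 3) and a NOERROR response whose answer section carries a wildcard-synthesised A record. The following is an added example, not code from the thread or from any of its participants: a minimal DNS response parser that classifies a reply as NXDOMAIN, NODATA or NOERROR-with-answer, plus the usual operational check for a zone-wide wildcard (query two unrelated random labels under the same zone and see whether they come back with the identical A record set). All packets are constructed in the block, so it runs offline; the zone name `example` and the address `192.0.2.1` (a documentation address) are placeholders, not anything observed in .COM or .NET.

```python
"""Classify DNS responses (NXDOMAIN / NODATA / NOERROR+A) and apply the
wildcard heuristic discussed in the thread. Packets are constructed here;
no network access is performed."""
import os
import struct


def encode_name(name):
    """Wire-encode a dotted name as length-prefixed labels (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_response(qname, rcode, answers=()):
    """Construct a minimal DNS response for an A query on qname.
    answers: IPv4 strings placed in the answer section (empty for NXDOMAIN/NODATA)."""
    flags = 0x8180 | rcode            # QR=1, RD=1, RA=1, RCODE in low 4 bits
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, len(answers), 0, 0)
    question = encode_name(qname) + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN
    rrs = b""
    for ip in answers:
        rdata = bytes(int(o) for o in ip.split("."))
        rrs += encode_name(qname) + struct.pack("!HHIH", 1, 1, 300, 4) + rdata
    return header + question + rrs


def decode_name(msg, off):
    """Decode a wire-format name at offset off; handles compression pointers."""
    labels = []
    while True:
        ln = msg[off]
        if ln == 0:
            return ".".join(labels) + ".", off + 1
        if ln & 0xC0 == 0xC0:         # compression pointer to an earlier name
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            tail, _ = decode_name(msg, ptr)
            return ".".join(labels + [tail.rstrip(".")]) + ".", off + 2
        off += 1
        labels.append(msg[off:off + ln].decode("ascii"))
        off += ln


def parse_response(msg):
    """Return (rcode, [A record addresses]) from a DNS response."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    rcode = flags & 0x0F
    off = 12
    for _ in range(qd):               # skip the question section
        _, off = decode_name(msg, off)
        off += 4
    a_records = []
    for _ in range(an):
        _, off = decode_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            a_records.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return rcode, a_records


def classify(msg):
    """NXDOMAIN: name does not exist. NODATA: name exists, no A record.
    NOERROR+A: an address was returned (possibly synthesised by a wildcard)."""
    rcode, a_records = parse_response(msg)
    if rcode == 3:
        return "NXDOMAIN"
    if rcode == 0 and a_records:
        return "NOERROR+A"
    if rcode == 0:
        return "NODATA"
    return "RCODE%d" % rcode


def looks_like_wildcard(responses):
    """responses: replies to two or more random, unrelated labels in one zone.
    If every reply is NOERROR and all carry the same A record set, the zone is
    synthesising answers from a wildcard rather than returning NXDOMAIN."""
    sets = []
    for msg in responses:
        rcode, a_records = parse_response(msg)
        if rcode != 0 or not a_records:
            return False
        sets.append(frozenset(a_records))
    return len(sets) >= 2 and len(set(sets)) == 1


if __name__ == "__main__":
    zone = "example"                  # constructed placeholder zone
    probes = ["%s.%s." % (os.urandom(6).hex(), zone) for _ in range(2)]
    # Constructed replies: a wildcard zone answers both random labels identically.
    wildcard_zone = [build_response(q, 0, ["192.0.2.1"]) for q in probes]
    honest_zone = [build_response(q, 3) for q in probes]
    for q, r in zip(probes, wildcard_zone):
        print(q, classify(r))
    print("wildcard suspected:", looks_like_wildcard(wildcard_zone))
    print("wildcard suspected:", looks_like_wildcard(honest_zone))
```

In practice the two probe labels are generated fresh per run so that a cached or registered name cannot produce a false match, and the check is only meaningful against the zone's authoritative servers, since a recursive resolver may itself rewrite or filter NXDOMAIN responses.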