On Wed, Oct 11, 2006 at 01:03:24PM -0400,
Keith Moore <moore(_at_)cs(_dot_)utk(_dot_)edu> wrote
a message of 28 lines which said:
In the past month or so I've run across two separate ISPs that are
apparently polluting the DNS by returning A records in cases where
the authoritative server would either return NXDOMAIN or no answers.
Today, it is quite common and it becomes more and more common.
Is there anything that IETF as an organization, or IETF
participants, can do to discourage this?
Producing a RFC 4084bis is, IMHO, the best way to go. Currently, RFC
4084 does not address this issue, only a related issue:
o DNS support.
Are users required to utilize DNS servers provided by the service
provider, or are DNS queries permitted to reach arbitrary servers?
So, there is IMHO a good reason to upgrade the RFC.
To me this is fraud and unfair trade practice in addition to being a
security threat
I agree but I believe it may be difficult to have a rough consensus on
this one. The RFC 4084 approach (naming things, in a standard way, so
that users can at least choose) may be better. Do note that, in some
cases I know about (such as Club Internet, the T-online subsidiary in
France), the ISP provides a set of normal name servers to the users
who want, so they can claim that the user has a choice.
Another approach, not incompatible with this one, would be indeed to
produce a "Wildcards in DNS *resolvers* considered harmful" RFC. Any
volunteer for the first I-D? IMHO, this should be sent to the dnsop
WG and discussed there. A starting point may be (do note it addresses
wildcards in authoritative name servers, a related, but different,
issue) http://www.icann.org/topics/wildcard-history.html where the
technical papers raise the various concerns.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf