
Re: The case of dotless domains

2013-07-16 19:33:34

In message <20130716150721(_dot_)GG29401(_at_)mip(_dot_)aaaaa(_dot_)org>, Ofer 
Inbar writes:
What this brings to mind is that we used to have implicit DNS domain
search in the early days of DNS.  When edu.com accidentally hijacked
a huge chunk of the Internet, most of the net very quickly got rid of
implicit search, and we got the explicit DNS search feature that many
people are discussing now.

Yes.

Can you (or Ofer) define how you're using the terms "explicit" and 
"implicit" in terms of DNS search, and what their relevance is to the 
topic of dotless domains? And no, I'm not being snarky, I think part of 
the problem here is a fundamental misunderstanding of how the vast 
majority of hosts are configured currently.

You're not being snarky, but that indicates that you seem to have
missed my point, which is not about the technical details of how
domain search got changed after the edu.com disaster.  My point is
not to make a direct parallel between how domain search changed, and
dotless domains, and you seem to be looking at it in that light.

What this brings to mind is that we had a DNS system that was
vulnerable to the addition of something to the DNS that people had
expected nobody would make the mistake of doing, but it happened and
caused damage, and the net reacted by altering how DNS software works
in order to protect against that damage.  At the time, the obvious
defensive change was "don't do implicit domain search".  If dotless
domains cause damage as many people here predict, what I'm saying is
that I think we'll react similarly, and that I guess the defensive
change people will widely deploy is to reject A/AAAA/MX records at
the top level.

You really do not need to drill into the specifics of the change from
implicit to explicit domain search in reaction to edu.com, in this
context.  So it sounds to me like you have something quite different
in mind.  I don't know what you think I was trying to say - it's not
anything I said explicitly, so perhaps you think I was trying to
subtly say something between the lines.  To be clear: I wasn't.
  -- Cos

It was more than implicit to explicit.  It was also trying domains
with dots "as is" first.  Domains with periods were treated as fully
qualified until proved otherwise.  Unqualified domains were qualified
then tried "as is" if a match was not found.

It is bad to treat domains with periods as partially qualified.
It is bad to treat domains without periods as qualified.

Note it is also more than A, AAAA and MX records at the tld label.
It is also SRV records where they are used with a base name in
a host context.

_http._tcp.tld/SRV is as bad as tld/A, whereas
_whois._tcp.tld/SRV would not be an issue as it would point to
the whois service for names that end in .tld.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka(_at_)isc(_dot_)org
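The two rules Mark describes (a name containing a period is tried as fully qualified before the search list is applied; an unqualified name is searched first and tried as-is last) and the defensive policy the thread anticipates (refusing host-style records at a top-level label, including _http._tcp SRV but not _whois._tcp SRV) can be written down as a small resolver-side model. The code below is an added illustration, not part of the thread or of any resolver implementation; the search list and the answer records are constructed sample data, and the function names are assumptions.

```python
"""Model of search-list qualification order and a policy that rejects
host-style records at a single-label (top-level) owner name.

Added example; the search list, records and function names are
assumptions chosen for illustration, not taken from any real zone."""
from typing import List, Tuple

# Constructed sample search list (assumption, for illustration only).
SAMPLE_SEARCH_LIST = ["eng.example.com", "example.com"]

# Record types that make a bare top-level label behave like a host.
HOST_RRTYPES = {"A", "AAAA", "MX"}

# SRV service prefixes whose base name is used in a host context.
# The thread names _http._tcp; _whois._tcp is the counter-example.
HOST_SRV_PREFIXES = {("_http", "_tcp")}


def candidate_names(name: str, search_list: List[str]) -> List[str]:
    """Return the order in which a user-supplied name should be tried.

    - A name ending in "." is absolute and is never searched.
    - A name containing a period is treated as fully qualified first,
      and only then qualified with each search suffix.
    - A name without a period is qualified with each suffix first and
      tried as-is only if none of those matched.
    """
    if name.endswith("."):
        return [name]
    qualified = [f"{name}.{suffix}" for suffix in search_list]
    if "." in name:
        return [name] + qualified
    return qualified + [name]


def is_suspect_tld_record(owner: str, rrtype: str) -> bool:
    """True when a record at a top-level label would make a dotless
    name resolve as a host (A/AAAA/MX at "tld", or _http._tcp.tld SRV)."""
    labels = owner.strip(".").lower().split(".")
    if labels == [""]:
        # Root zone: not a dotless-domain case.
        return False
    if rrtype.upper() in HOST_RRTYPES:
        return len(labels) == 1
    if rrtype.upper() == "SRV":
        # Shape "_service._proto.tld": base name is a single label.
        return len(labels) == 3 and (labels[0], labels[1]) in HOST_SRV_PREFIXES
    return False


# Constructed answer records (owner, type, rdata) for the filter example.
SAMPLE_ANSWERS: List[Tuple[str, str, str]] = [
    ("tld", "A", "192.0.2.1"),
    ("tld", "NS", "ns1.nic.tld."),
    ("_http._tcp.tld", "SRV", "0 0 80 www.nic.tld."),
    ("_whois._tcp.tld", "SRV", "0 0 43 whois.nic.tld."),
    ("www.example.com", "A", "192.0.2.2"),
]


def filter_answers(records: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str]]:
    """Drop records a resolver applying this policy would refuse to use."""
    return [r for r in records if not is_suspect_tld_record(r[0], r[1])]


if __name__ == "__main__":
    for n in ("www", "www.example.com", "www.example.com."):
        print(n, "->", candidate_names(n, SAMPLE_SEARCH_LIST))
    for rec in SAMPLE_ANSWERS:
        print("reject" if is_suspect_tld_record(rec[0], rec[1]) else "keep  ", rec)
```

The ordering in `candidate_names` is what keeps a name such as `edu.com` from being re-qualified under a local suffix before it has been tried as written, while still letting a bare `www` pick up the search list; `is_suspect_tld_record` only flags the record shapes the message itself names, so delegation (NS) and non-host SRV services at a TLD pass through.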