[dns-operations] attention yahoo, microsoft, wikipedia, akamai, and akamai customers

Jim Duncan jnduncan at cisco.com
Tue Apr 4 22:18:16 UTC 2006

Stephane Bortzmeyer writes:
> Studying our www.afnic.fr (a CNAME with an out-of-zone RHS), and the
> the queries received by our BIND nameserver ns3.nic.fr (which is
> authoritative for both nic.fr and afnic.fr), we note that one third of
> queries for www.afnic.fr are *not* followed by a query for
> rigolo.nic.fr, the canonical name.
> We can conclude that one third of the resolvers in the wild are not
> paranoid enough. They accept out-of-zone data.

Or they are producing spurious queries.  Maybe they already have the data?


Jim Duncan, jnduncan at cisco.com, +1 919 392 6209
Critical Infrastructure Assurance Group, Cisco Systems, Inc.
Group URL: http://cisco.com/security_services/ciag/.
PGP: DSS 4096/1024 E09E EA55 DA28 1399 75EB D6A2 7092 9A9C 6DC3 1821

More information about the dns-operations mailing list