[dns-operations] Too Open (Was: OpenDNS makes your Internet work better
paul at vix.com
Wed Jul 12 17:36:50 UTC 2006
> > 3. because i want to keep DNS open to non-web applications.
> I want to point out what we're releasing today in a test form for greater
> things to come:
> I hope this takes care of issues #1, #2, and #3.
no, it won't take #3 off the table, since it's not the prefs i select which
give rise to #3 -- rather, it's the prefs others select. the mere existence
and availability of, as well as the default of, a feature whereby NXDOMAIN is
remapped to NOERROR/ANCOUNT>0 with an A RR pointing at an "ad server" will
have the effect of disincenting future non-web applications from using DNS.
the thinking is, "if this name is wrong, i'm going to get back a funny A RR
rather than an NXDOMAIN, which i'll then have to code workarounds for."
> This should also make clear that a Site Finder comparison is inappropriate.
according to http://www.icann.org/committees/security/ssac-report-09jul04.pdf
and http://www.iab.org/documents/docs/2003-09-20-dns-wildcards.html, the above
stated concern also applied to sitefinder.
> Back to our regularly scheduled DNSSEC threads... ;-)
not so fast.
More information about the dns-operations