[dns-operations] Handling broken domains...
Joseph S D Yao
jsdy at center.osis.gov
Mon Jul 17 22:08:08 UTC 2006
On Mon, Jul 17, 2006 at 09:21:14AM -0700, David Ulevitch wrote:
> We periodically see really improperly configured domains that users
> expect (rightly so) to resolve.
> Case in point: wholesalehunter.com
> How is this handled elsewhere in other resolver implementations?
> I'm trying to decide how to best fix it.
Canonically, as Vixie said, by doing the above you are doing exactly
what they have told you to do in their configuration. Maybe that's what
OK, so that's a bit far-fetched. The problem with ANY solution that
tries to second-guess what the configuration authors intended is that no
name server implementation yet has the AutoTelepath option, AKA
DWIMNWIS (Do What I Mean, Not What I Say, supposedly implemented in some
version of LISP). I don't know what the implementor meant, although I
can guess. I dare say you don't know (and I mean KNOW, not think you
might know), either. Any guesses we put in as shims will suddenly be
WRONG when they change what they say and/or meant to say. Even slaving
the zone goes bad when all the zone information, including the
authoritative name servers, changes - and you have no way of finding
that out because you have decided that YOU are authoritative.
So what to do? Teach them to fish. Or rather, to understand DNS and Do
The Right Thing. Encourage them to Buy The Books [and read them].
Spend an hour or so on the 'phone with the guy who writes the DNS
configuration and his boss, pointing out (as you did so well in your
message) in detail what happens due to their configuration. Give them
some free consulting time. If you sell it, then give them your card.
It may pay dividends.
It might help if your customers who are anxiously trying to resolve
those domains contacted them first, telling them how MUCH they want to
get to their Web site, but they understand that their DNS is not set up
right, and offering to point them to their source of all DNS knowledge,
Does it scale? Maybe. One may hope that two or three at a time is all
you have to deal with. It worked for me just today [after a few weeks'
of tracking down the right targets in my off moments]. But it doesn't
always, and you may have to tell some folks, sorry, he just isn't doing
it right, there's no way I can help you give him your business.
This message is not an official statement of OSIS Center policies.
More information about the dns-operations