[dns-operations] query dropping vs. returning nxdomain
Matt Ghali
matt at snark.net
Wed Mar 15 20:11:41 UTC 2006
On Wed, 15 Mar 2006, David Ulevitch wrote:
> YES. Authoritative servers which are reachable have a responsibility to give
> you an answer. One will note that TinyDNS does *not* do this, it drops
> connections rather than providing NXDOMAIN. We took steps at EveryDNS to make
> sure our authoritative servers did not simply drop connections. We opted to
> provide a referral instead of NXDOMAIN for secret and abuse related reasons.
> Either way, we while we probably aren't perfect, we try to cover the important
> things and we're working on the rest. (5 years and counting... heh).
Thank you all for confirming my personal feelings on the subject.
FYI, the cretins perpetrating the dns tricks which prompted my
question have since ceased doing so, under pressure from several
angles.
matto
--matt at snark.net------------------------------------------<darwin><
The only thing necessary for the triumph
of evil is for good men to do nothing. - Edmund Burke
More information about the dns-operations
mailing list