[dns-operations] dotless domains
Fred Morris
m3047 at m3047.net
Sun Sep 23 08:38:47 UTC 2012
I don't understand this entire debate. I am sorry. Can somebody please
frame it?
My understanding is that if there is a rightside dot... that the domain is
"fully qualified".
I know for a fact that, even with the foregoing, if somebody locally
wants to rewrite a domain there is nothing that is going to stop them. I
think this is a feature, not a bug. OK, sure, you could tunnel out to an
"objective" nameserver if you were trapped in the Hotel California, at
least in theory.
But if somebody wants to have
microsoft.my-bad-private-idaho--nobody-knows-about.info: does anybody
outside of Microsoft (r) care? Who cares if they care?
So what, exactly, *is* the security implication?
I suppose the implication is somebody registering webmaster. or info. or
sales. or www. or something else called out in any of a number of RFCs;
ands I would *hope* that that has been dealt with in the current TLD
application process.
So as a thinking exercise let's think about something like "sales".
Somebody types "http://sales/" into their browser. Now if their
resolv.conf has warfarin.com in it, we can at least hope that they will be
directed to sales.warfarin.com. But if they don't.. and there aren't some
commonsense rules, where do they go? What TLD do they get sent to? Is this
decided by who the highest bidder is, or the day of the week, or cycle of
the moon, or what? Commonsense would be that if it doesn't resolve they go
nowhere.
More likely, practically speaking, it will be decided by whatever search
engine has a deal with the makers of their web browser. Where mail goes
may be entirely somewhere... entirely different.
So this is not a DNS question at all.
I dunno, I guess I don't go to enough meetings.
--
Fred Morris
More information about the dns-operations
mailing list