[dns-operations] Hearing first complains about failing internal resolving due to .prod TLD
Mark Andrews
marka at isc.org
Fri Sep 12 04:35:37 UTC 2014
In message <541271BA.2000703 at redbarn.org>, Paul Vixie writes:
>
> On 9/11/2014 8:22 PM, Mark Andrews wrote:
> > In message <54125EDC.6000904 at redbarn.org>, Paul Vixie writes:
> >> On 9/11/2014 7:08 PM, Mark Andrews wrote:
> >>> ...
> >>>
> >>> I just wish I had been able to convince Paul to remove support for
> >>> partially qualified names back when RFC 1535 came out. We knew
> >>> then that they were a bad idea. ndots minimises the damage of using
> >>> partially qualified names. It doesn't remove it.
> >> at the time (1993?) i felt it was best not to break anybody's existing
> >> configuration. that seems insane now.
> > The configuration is *already* broken. If you are depending upon
> > partially qualified names then they are a time bomb waiting to
> > happen.
>
> you know what would be cool is if i still used MH and could usefully
> search my e-mail archives to prove that paul vixie and mark andrews just
> now (2014-09-11) repeated almost verbatim a debate we had some time in
> 1993 or 1994. it would not just be funny, but perhaps also depressing,
> and it would save time.
>
> i believe that the next line of dialogue from this play is:
>
> vixie: "your definition of 'break' is academic, mine is practical. right
> now the people who are using unqualified names are getting work done and
> they are not calling me to report bugs in the BIND resolver. if i make
> the change you are suggesting, they stop getting work done and they will
> look me up in WHOIS and call my phone."
>
> like i said this seems insane now. mark was right, we should have broken
> the bad stuff as early as possible.
It isn't impossible. Emit warnings whenever a partially qualified
name matches and syslog / EventLog it.
"WARNING: The partially qualified name '%s' resulted in a search
list match. The use of partially qualified names is a unsafe
practice. Fix your configuration to use the fully qualified name
'%s'."
Linux developers do stuff like this for deprecated system calls
where the user has zero control. Here the user can correct the
configuration / behaviour.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the dns-operations
mailing list