[dns-operations] Hearing first complains about failing internal resolving due to .prod TLD

Mark Andrews marka at isc.org
Fri Sep 12 04:35:37 UTC 2014

In message <541271BA.2000703 at redbarn.org>, Paul Vixie writes:
> On 9/11/2014 8:22 PM, Mark Andrews wrote:
> > In message <54125EDC.6000904 at redbarn.org>, Paul Vixie writes:
> >> On 9/11/2014 7:08 PM, Mark Andrews wrote:
> >>> ...
> >>>  
> >>> I just wish I had been able to convince Paul to remove support for
> >>> partially qualified names back when RFC 1535 came out.  We knew
> >>> then that they were a bad idea.  ndots minimises the damage of using
> >>> partially qualified names.  It doesn't remove it.
> >> at the time (1993?) i felt it was best not to break anybody's existing
> >> configuration. that seems insane now.
> > The configuration is *already* broken.  If you are depending upon
> > partially qualified names then they are a time bomb waiting to
> > happen.
> you know what would be cool is if i still used MH and could usefully
> search my e-mail archives to prove that paul vixie and mark andrews just
> now (2014-09-11) repeated almost verbatim a debate we had some time in
> 1993 or 1994. it would not just be funny, but perhaps also depressing,
> and it would save time.
> i believe that the next line of dialogue from this play is:
> vixie: "your definition of 'break' is academic, mine is practical. right
> now the people who are using unqualified names are getting work done and
> they are not calling me to report bugs in the BIND resolver. if i make
> the change you are suggesting, they stop getting work done and they will
> look me up in WHOIS and call my phone."
> like i said this seems insane now. mark was right, we should have broken
> the bad stuff as early as possible.

It isn't impossible.  Emit warnings whenever a partially qualified
name matches and syslog / EventLog it.

"WARNING: The partially qualified name '%s' resulted in a search
list match.  The use of partially qualified names is an unsafe
practice.  Fix your configuration to use the fully qualified name

Linux developers do stuff like this for deprecated system calls
where the user has zero control.  Here the user can correct the
configuration / behaviour.
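
An added example, not part of the original message and not BIND code: a Python simulation of an ndots/search-list stub resolver that logs a warning of the kind proposed above when a partially qualified name is satisfied from the search list. `search_resolve`, `ZONE`, `SEARCH` and the `corp.example` names are constructed for illustration, and "partially qualified" is assumed to mean a name with at least one dot and no trailing dot.

```python
import logging

log = logging.getLogger("stub-resolver")

def search_resolve(name, search, ndots, lookup):
    """Return (fqdn, via_search) for the first candidate `lookup` accepts,
    or (None, False). Candidate order follows the classic ndots rule."""
    if name.endswith("."):                  # fully qualified: never searched
        return (name, False) if lookup(name) else (None, False)
    as_is = (name + ".", False)
    searched = [(f"{name}.{d.rstrip('.')}.", True) for d in search]
    dots = name.count(".")
    # Enough dots: try the name as typed first; otherwise search list first.
    order = [as_is] + searched if dots >= ndots else searched + [as_is]
    for fqdn, via_search in order:
        if lookup(fqdn):
            if via_search and dots > 0:     # partially qualified + search hit
                log.warning("The partially qualified name '%s' resulted in a "
                            "search list match ('%s')", name, fqdn)
            return fqdn, via_search
    return None, False

# Constructed data: names that exist in a made-up internal namespace.
ZONE = {"db.prod.corp.example.", "www.corp.example."}
SEARCH = ["corp.example"]

def in_zone(fqdn):
    return fqdn in ZONE

if __name__ == "__main__":
    logging.basicConfig(format="%(levelname)s: %(message)s")
    for n in ("db.prod", "www", "db.prod.corp.example."):
        print(n, "->", search_resolve(n, SEARCH, ndots=1, lookup=in_zone))
```

With `ndots=1`, `db.prod` resolves internally only because `db.prod.` does not exist; if that name ever starts answering, the same query returns it as typed and the search list is never consulted, so the warning has to fire while the configuration still appears to work.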

