[dns-operations] Hearing first complains about failing internal resolving due to .prod TLD

Daniel Kalchev daniel at digsys.bg
Fri Sep 12 13:56:47 UTC 2014



On 12.09.14 07:35, Mark Andrews wrote:
> 
> In message <541271BA.2000703 at redbarn.org>, Paul Vixie writes:
>>
>> like i said this seems insane now. mark was right, we should have broken
>> the bad stuff as early as possible.
> 
> It isn't impossible.  Emit warnings whenever a partially qualified
> name matches and syslog / EventLog it.
> 
> "WARNING: The partially qualified name '%s' resulted in a search
> list match.  The use of partially qualified names is an unsafe
> practice.  Fix your configuration to use the fully qualified name
> '%s'."

How many end users do you know that look at log files? How many even
know log files exist and where/how to find them?

Would you expect a browser, mail client, IM etc software author to agree
to pop up such a message to the end user?

These will likely first look for a way to silence the warnings.

Likewise, while the SSAC research and recommendations on the topic are
useful for those in the know (mostly, to explain why some of the long
standing presumptions are indeed wrong) --- it is highly unlikely the
general public will be either aware of these findings, able to implement
the suggested solutions or even care....

About the only way to 'fix' this is to implement it in code and
distribute the code as widely as possible. Such fixed code will surely
break many things... similarly to how DNSSEC breaks/identifies bad DNS setups.

Daniel
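
[Added example, not part of the original message or of any resolver's code: a sketch of the warning quoted above, built on a model of resolv.conf-style search/ndots processing. The `exists` callback, the host names and the zone sets are constructed assumptions standing in for real DNS queries.]

```python
import logging

log = logging.getLogger("stub-resolver")  # attach a syslog/EventLog handler here

WARNING = ("WARNING: The partially qualified name '%s' resulted in a search "
           "list match.  The use of partially qualified names is an unsafe "
           "practice.  Fix your configuration to use the fully qualified name "
           "'%s'.")

def candidates(name, search, ndots=1):
    """Names tried, in order, as (fqdn, from_search_list) pairs."""
    if name.endswith("."):
        return [(name, False)]                      # fully qualified: no search
    as_is = (name + ".", False)
    expanded = [(f"{name}.{s.strip('.')}.", True) for s in search]
    # resolv.conf ndots rule: enough dots -> try as-is first, else search first
    return [as_is] + expanded if name.count(".") >= ndots else expanded + [as_is]

def resolve(name, search, exists, ndots=1):
    """Return (matched_fqdn, warning); exists(fqdn) stands in for a DNS query."""
    for fqdn, from_search in candidates(name, search, ndots):
        if exists(fqdn):
            if not from_search:
                return fqdn, None
            msg = WARNING % (name, fqdn)            # the message proposed above
            log.warning(msg)
            return fqdn, msg
    return None, None

# Constructed data: an internal host, then the same view once a name under
# a newly delegated .prod starts to answer (assumed scenario).
INTERNAL = {"db.prod.corp.example."}
AFTER_DELEGATION = INTERNAL | {"db.prod."}

if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING, format="%(message)s")
    for zone in (INTERNAL, AFTER_DELEGATION):
        print(resolve("db.prod", ["corp.example"], zone.__contains__))
```

In this model the warning is logged only while the search list still produces the match; once the absolute name answers, the lookup returns a different name and nothing is logged.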


