[dns-operations] The strange case of fox.com

Mark Andrews marka at isc.org
Sun Feb 28 22:37:12 UTC 2016


In message <87io18eb7d.fsf at mid.deneb.enyo.de>, Florian Weimer writes:
> * Stephane Bortzmeyer:
> 
> > On Sun, Feb 28, 2016 at 07:54:57PM +0100,
> >  Florian Weimer <fw at deneb.enyo.de> wrote 
> >  a message of 30 lines which said:
> >
> >> Both BIND and Unbound do not seem to cope very well with this (in
> >> the sense that future queries fail after the NS query for some
> >> time).
> >
> > So, it may break with QNAME minimisation?
> 
> Depends on how it's implemented.  I would reuse the QTYPE for the
> probing.  If it's implemented with NS-based probing, sure, things
> would break in horrible ways.  But there are other interoperability
> issues with NS-based probing because it's such an untested feature
> for most authoritative server implementations (beyond the major
> general-purpose ones).

Using QTYPE leaks information.  Using NS doesn't.  As for it being
untested that is a solvable problem.  Run some tests.  Complain
when the lookups fail.  Proceed to follow the rest of the steps
outlined in RFC 1033 for dealing with broken nameservers.

The rules aren't "on display at the bottom of a locked filing cabinet
stuck in a disused lavatory with a sign on the door saying beware
of the leopard".

Mark

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
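
Added example, not part of the original message: a small offline model of the queries a resolver emits with no QNAME minimisation, with NS-based probing, and with probing that reuses the original QTYPE, showing which upstream zones get to see the QTYPE. The delegation chain, the question and all function names are constructed for illustration, and the model assumes one added label per step.

```python
# Added illustration; the delegation chain and question are constructed sample data.

def labels(name):
    """Labels of an absolute DNS name, root excluded."""
    return [l for l in name.rstrip(".").split(".") if l]

def plan(qname, qtype, zones, probe):
    """List the (server_zone, qname_sent, qtype_sent) a resolver emits.

    zones: delegation chain from the root down to the authoritative zone.
    probe: "none"  = no minimisation, full question sent to every zone
           "ns"    = one extra label per step, QTYPE NS until the full name
           "qtype" = one extra label per step, original QTYPE throughout
    """
    if probe == "none":
        return [(z, qname, qtype) for z in zones]
    q = labels(qname)
    cuts = {tuple(labels(z)) for z in zones}
    server, out = ".", []
    for k in range(1, len(q) + 1):
        name = ".".join(q[-k:]) + "."
        full = k == len(q)
        out.append((server, name, qtype if full or probe == "qtype" else "NS"))
        if tuple(q[-k:]) in cuts:
            server = name  # referral: later probes go to the child zone
    return out

def learns_qtype(queries, qtype, authoritative):
    """Zones above the authoritative one that saw the original QTYPE."""
    seen = [s for s, _, t in queries if t == qtype and s != authoritative]
    return list(dict.fromkeys(seen))

CHAIN = [".", "example.", "corp.example."]             # constructed
QNAME, QTYPE = "_443._tcp.mail.corp.example.", "TLSA"  # constructed

if __name__ == "__main__":
    for probe in ("none", "ns", "qtype"):
        rows = plan(QNAME, QTYPE, CHAIN, probe)
        print(probe, "-> QTYPE seen upstream by:",
              learns_qtype(rows, QTYPE, CHAIN[-1]))
        for row in rows:
            print("  %-14s %-30s %s" % row)
```

In the "ns" plan the authoritative zone also receives NS queries for names below its apex; those are the probes an authoritative server has to answer correctly for NS-based minimisation to work.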
