[dns-operations] EDNS and TLDs

Matthew Pounsett matt at conundrum.com
Thu Nov 17 02:49:53 UTC 2016


On 17 November 2016 at 11:20, Paul Vixie <paul at redbarn.org> wrote:

>
> > There is a large-ish TLD which has "." as the MNAME in its
> > infrastructure zones (not the TLD itself).  Since there are no address records
> > for that label it is a quick and painless way to completely prevent
> > UPDATE messages from ever being sent in the first place.
>
> yes, and we can see the resulting A and AAAA queries for "." in root
> server query logs. i would very much prefer that you set your SOA MNAME
> to prisoner.iana.org if you want updates to go where they'll do no harm.
>
I don't have control over any of the zones that do this, so I'm afraid I
can't change the behaviour.

Since the NOERROR responses for '.' are cacheable, I'm not sure I'd classify
the queries as harm.  Certainly there are fewer A/AAAA queries going to the
root than UPDATE messages that would have gone to the TLD as a result.
However, a better choice would probably be setting the MNAME to some
nonexistent domain name under the operator's direct control.

It might be worth noting that IANA requires the MNAME in a gTLD to be a
real host, which guarantees that TLDs see UPDATE noise that they would
rather not receive.  I've always been a little annoyed that no "do not send
updates" signal was ever considered when the UPDATE mechanism was codified.