[dns-operations] [Ext] Nameserver responses from different IP than destination of request

Brian Dickson brian.peter.dickson at gmail.com
Tue Sep 1 01:02:23 UTC 2020


On Mon, Aug 31, 2020 at 5:09 PM Paul Hoffman <paul.hoffman at icann.org> wrote:

> On Aug 31, 2020, at 2:47 PM, Viktor Dukhovni <ietf-dane at dukhovni.org>
> wrote:
> >
> > Quite likely the domains that are completely broken (none of the
> > nameservers respond from the right IP) are simply parked, and nobody
> > cares whether they actually work or not.
> >
> > The only reason you're seeing queries for them may be that folks doing
> > DNS measurements, query all the domains we can find including the parked
> > ones that nobody actually cares to have working.
>
> These assumptions seem... assumptiony. I'd love to see some data from
> anyone who is collecting it on which NS names or IPs are exhibiting the
> behavior.
>

I don't disagree, but the data would really only be visible to anyone
on-path or at either end of the resolver-to-authority transaction.

I think the only way to get meaningful data would be an active experiment,
involving an authority server (or set of servers) for a domain set up just
this way.
That is the kind of thing that Geoff and George are good at, so if they
want to do such an experiment and let us all know the results, I think that
would be interesting.

But I can't compel them to do that, and absent them choosing to do that, I
think the general consensus is it's fine to let the broken stuff be broken.
(The interesting result would be on the resolver side, as to which
resolvers, if any, accept broken answers, and if possible, inferring the
resolver operator's software being used.)

Brian