[wildcard-comments] VeriSign's Use of DNS Wildcarding
- To: wildcard-comments@xxxxxxxxx
- Subject: [wildcard-comments] VeriSign's Use of DNS Wildcarding
- From: "Jonah H. Harris" <jharris@xxxxxxx>
- Date: 07 Oct 2003 09:27:50 -0600
- Cc: twomey@xxxxxxxxx
- Organization: Albuquerque TVI
- Reply-to: jharris@xxxxxxx
- Sender: owner-wildcard-comments@xxxxxxxxx
To Whom It May Concern:
In my experience both using and writing DNS servers I believe that DNS
wildcarding is a very serious issue.
DNS standards and accepted RFCs explicitly define the Name Error (NE)
response for domains that do not exist. Software, both new and legacy,
has implementations that are specific to DNS response codes for not
only error handling, but also logical flow.
From past experience, we all understand the repercussions of allowing a
single company to influence globally accepted standards for their own
benefit. The SiteFinder service is not new, not special, and can be
implemented in all browsers *very* easily. VeriSign's intentional and
uninhibited deployment of a system which severely affects worldwide
performance is in extremely poor judgment and should be looked upon very
harshly.
I applaud your efforts to maintain industry standards. Thank you for
your time.
Respectfully,
Jonah H. Harris
President/CEO, NightStar Corporation
Board Member/Chief Information Officer, OasisJet, Inc.
Partner/Senior Software Developer, PatchWork Systems, LLC.
UNIX Administrator, Albuquerque TVI
Attached: DNS STD/RFC Segments
==============================
From STD0013/RFC1034 Section 4.3.4(5)
-------------------------------------
Name servers and resolvers should never attempt to add SOAs to the
additional section of a non-authoritative response, or attempt to infer
results which are not directly stated in an authoritative response.
From STD0013/RFC1034 Section 5.2.1
----------------------------------
When the resolver performs the indicated function, it usually has one of
the following results to pass back to the client:
- One or more RRs giving the requested data.
  In this case the resolver returns the answer in the
  appropriate format.
- A name error (NE).
  This happens when the referenced name does not exist. For
  example, a user may have mistyped a host name.
- A data not found error.
  This happens when the referenced name exists, but data of the
  appropriate type does not. For example, a host address
  function applied to a mailbox name would return this error
  since the name exists, but no address RR is present.
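
The three resolver outcomes quoted above from RFC 1034 Section 5.2.1, as an added example that is not part of the original message: it classifies DNS responses by RCODE and answer count and shows how a wildcard answer changes the branch a caller takes for a mistyped name. The messages, names, addresses and the `sender_domain_exists` caller are constructed or hypothetical.

```python
import struct

NOERROR, NXDOMAIN = 0, 3  # RCODE values; 3 is the Name Error

def build_response(qname, rcode, addrs):
    """Build a minimal authoritative response (constructed sample data)."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8400 | rcode, 1, len(addrs), 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode() for l in qname.split("."))
    msg = header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE A, IN
    for addr in addrs:
        # Owner name is a compression pointer to offset 12; A record, TTL 900.
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 900, 4)
        msg += bytes(int(octet) for octet in addr.split("."))
    return msg

def classify(msg):
    """Map a response to the three outcomes of RFC 1034 Section 5.2.1."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("not a response (QR bit clear)")
    rcode = flags & 0x000F
    if rcode == NXDOMAIN:
        return "name error"
    if rcode == NOERROR:
        return "data" if ancount > 0 else "data not found"
    return "other error (rcode %d)" % rcode

def sender_domain_exists(msg):
    """Hypothetical caller whose logic branches on the Name Error."""
    return classify(msg) != "name error"

# Constructed samples: a real name, a typo under a zone without a wildcard,
# the same typo when the zone answers with a wildcard, and a no-data case.
EXISTING = build_response("example.com", NOERROR, ["192.0.2.10"])
TYPO_NO_WILDCARD = build_response("exampel.com", NXDOMAIN, [])
TYPO_WILDCARDED = build_response("exampel.com", NOERROR, ["192.0.2.99"])
NO_DATA = build_response("example.com", NOERROR, [])

if __name__ == "__main__":
    for label, msg in [("existing", EXISTING), ("typo", TYPO_NO_WILDCARD),
                       ("typo, wildcarded", TYPO_WILDCARDED), ("no data", NO_DATA)]:
        print(label, "->", classify(msg), "| exists:", sender_domain_exists(msg))
```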