[119702] in North American Network Operators' Group
Re: What DNS Is Not
daemon@ATHENA.MIT.EDU (David Conrad)
Thu Nov 26 16:39:41 2009
From: David Conrad <drc@virtualized.org>
In-Reply-To: <20091126182548.GB4965@dan.olp.net>
Date: Thu, 26 Nov 2009 13:38:48 -0800
To: Dan White <dwhite@olp.net>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Dan,
On Nov 26, 2009, at 10:25 AM, Dan White wrote:
> On 26/11/09 07:37 -0800, David Conrad wrote:
>> There are folks on this list who work for ISPs which are doing wildcards/synthesis/etc.  They (or, more likely their management) can tell you there are obvious business reasons why they do wildcards/synthesis/etc.  Perhaps I'm overly cynical, but I suspect that until those business reasons go away, shining a flash light will probably just result in more ISPs implementing wildcards/synthesis/etc.
>
> That's a disagreement we'll have to have. Anytime this issue has been brought
> up in a public setting (here, slashdot, etc.) has resulted in terrible press
> and even corrective action. In particular, Network Solutions' attempt to
> at this at the .com level was corrected.
Right.  And since then, ICANN has contractually disallowed gTLD registries from doing SiteFinder like services (unless they can demonstrate such a service won't have a negative security/stability impact).  However, as I said, ICANN has no control over what ccTLDs do and there are 12 doing wildcards/synthesis/NXDOMAIN redirection/etc. as I type this, namely:
CG (Congo) -- Web redirects to the registry website to register a .CG domain.
KR (South Korea) -- If it is a non IDNA-encoded IDN, converts to IDNA. For ASCII, generates a “fake” page-not-found error for web requests.
NU (Niue) -- Web requests solicit you to register the domain.
PH (Philippines) -- Web requests solicit you to register the domain.
PW (Palau) -- File not found error. Uses an invalid SSL certificate.
RW (Rwanda) -- Connection time out (wildcard site is down)
ST (Sao Tome) -- Web requests solicit you to register the domain. Uses an invalid SSL certificate.
TK (Tokelau) -- Connection refused (wildcard site is down)
VG (Virgin Is., UK) -- Web requests solicit you to register the domain.
VN (Viet Nam) -- Web requests solicit you to register the domain.
WS (Samoa) -- Web requests solicit you to register the domain.
CN (China) -- Uses synthesis for IDN labels. Returns NXDOMAIN for ASCII labels.
However, that's different than what I thought we were talking about.  I thought we were talking about ISPs doing wildcards/synthesis/NXDOMAIN redirection/etc.  There are a number of ISPs that do this, some of which are quite well known (there is even an Internet Draft on the techniques, see http://tools.ietf.org/html/draft-livingood-dns-redirect-00).  Pretty large flash light...
Regards,
-drc