[62315] in North American Network Operators' Group


Re: Change to .com/.net behavior

daemon@ATHENA.MIT.EDU (Kandra Nygårds)
Wed Sep 17 14:09:45 2003

From: Kandra Nygårds <kandra@foxette.net>
To: <nanog@merit.edu>
Date: Wed, 17 Sep 2003 20:06:51 +0200
Errors-To: owner-nanog-outgoing@merit.edu


From: "David Schwartz" <davids@webmaster.com>

> Returning NXDOMAIN when a domain does not exist is a basic requirement.
> Failure to do so creates security problems. It is reasonable to require your
> customers to fix known breakage that creates security problems.

I agree completely. However, this is a policy breakage, not a technical one.
Strictly speaking, the com and net zones are perfectly valid, as far as DNS
is concerned.

While I too am outraged by the actions of Verisign, I've decided to NOT
modify my servers in any way.
I might decide to block the sitefinder IP, but I will not change my
nameservers into modifying DNS responses. Doing so would be to break things,
and that is not an acceptable fix even if the other thing is in itself
broken. Of course, YMMV.


- Kandra






