North American Network Operators Group

Re: Hey, SiteFinder is back, again...

  • From: Steven M. Bellovin
  • Date: Tue Nov 06 08:23:45 2007

On Mon, 5 Nov 2007 23:46:08 -0800
"Christopher Morrow" <[email protected]> wrote:

> On 11/5/07, Eliot Lear <[email protected]> wrote:
> >
> > Cough.  So, how much is that NXDOMAIN worth to you?
> So, here's the problem really... NXDOMAIN is being judged as a
> 'problem'. It's really only a 'problem' for a small number of
> APPLICATIONS on the Internet. One could even argue that in a
> web-browser the 'is nxdomain a problem' is still up to the browser to
> decide how best to answer the USER of that browser/application. Many,
> many applications expect dns to be the honest broker, to let them know
> if something exists or not and they make their minds up for the upper
> layer protocols accordingly.
> DNS is fundamentally a basic plumbing bit of the Internet. There are
> things built around it operating sanely and according to generally
> accepted standards. Switching a behavior because you believe it to be
> 'better' for a large and non-coherent population is guaranteed to
> raise at least your support costs, if not your customer-base's ire.
> Assuming that all the world is a web-browser is at the very least
> naive and at worst wantonly/knowingly destructive/malfeasant.
> MarkA and others have stated: "Just run a cache-resolver on your local
> LAN/HOST/NET", except that's not within the means of
> joe-random-sixpack, nor is it within the abilities of many
> enterprise/SMB folks, talking from experience chatting up misbehaving
> enterprise/banking/SMB customers first hand. What's to keep the ISP
> from answering: when they ask for or
> or aside from (perhaps) a threat
> of lawyers calling?

Hey -- I can so run a cache/resolver...

More seriously: you're right; most people can't and won't.  But a
majority of customers in that space are using small NATs.  Those
certainly can; in fact, they often do.  It's just that today, they
simply talk to their upstreams, rather than starting from the root and
going down.

		--Steve Bellovin,