Paul Vixie wrote:
> [EMAIL PROTECTED] (Phil Regnauld) writes:
>> Question: How do existing implementations react to the presence of a
>> single, terminal dot? What if an A record is published for '.'? I
>> know it probably won't happen, but I'm also curious to know, and I think
>> the document should specify this: what is the impact of this on existing
>> implementations?
> i'm afraid that this will just result in a lot of QTYPE A messages sent to
> the authority servers for . asking about ., and a lot of new useless RCODE 3
> responses therefrom.
Are you certain? (And does RCODE 3 mean, as I understand it, NXDOMAIN?)
I tried doing just such a query using dig, and got:
; <<>> DiG 9.3.2 <<>> @f.root-servers.net A . +norec
; (2 servers found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47975
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;. IN A
;; AUTHORITY SECTION:
. 86400 IN SOA A.ROOT-SERVERS.NET.
NSTLD.VERISIGN-GRS.COM. 2008062800 1800 900 604800 86400
;; Query time: 3 msec
;; SERVER: 192.5.5.241#53(192.5.5.241)
;; WHEN: Sat Jun 28 16:11:59 2008
;; MSG SIZE rcvd: 92
> i think it will not be correctly implemented, just as RFC 2136 was not
> correctly implemented, and if people start putting SOA.MNAME="." then it
> will just lead to a lot more QTYPE A queries for ".".
Hypothetically speaking, if an actual answer for such a query were
returned, would anything actually *use* the answer?
Again, hypothetically speaking, if an A RR were added for ".", with a
very long TTL, such as 86400000, that would be cached ubiquitously, and
reduce these queries at the root servers, right?
Again, hypothetically, what values for such an A RR would cause benign
behaviour? E.g. 127.0.0.1?
Just thinking *way* outside the box....
Brian
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
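
Added example, not part of the original messages: a small Python classifier that separates the two outcomes discussed in the thread, RCODE 3 (NXDOMAIN) versus the NOERROR reply with an empty answer section and an SOA in the authority section (NODATA) that the dig run shows. The response bytes are constructed here from the values in the dig output, without name compression, and the function names are this example's own.

```python
import struct

RCODE_NXDOMAIN, TYPE_A, TYPE_SOA, CLASS_IN = 3, 1, 6, 1

def encode_name(name):
    """Wire-format a domain name; the root "." is a single zero byte."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def skip_name(msg, off):
    """Return the offset just past the name that starts at off."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:          # a compression pointer ends the name
            return off + 2
        off += 1 + n
        if n == 0:                    # root label ends the name
            return off

def classify(msg):
    """Label a response as NXDOMAIN, NODATA, ANSWER or OTHER."""
    _id, flags, qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    rcode = flags & 0x000F
    if rcode == RCODE_NXDOMAIN:
        return "NXDOMAIN"
    if rcode != 0:
        return "OTHER"
    if an > 0:
        return "ANSWER"
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    for _ in range(ns):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == TYPE_SOA:                  # name exists, no data of this type
            return "NODATA"
        off += 10 + rdlen
    return "OTHER"                             # e.g. a referral

def sample_response(rcode):
    """Constructed reply to ". IN A" with flags qr+aa and one SOA in authority."""
    header = struct.pack("!6H", 47975, 0x8400 | rcode, 1, 0, 1, 0)
    question = encode_name(".") + struct.pack("!HH", TYPE_A, CLASS_IN)
    rdata = (encode_name("A.ROOT-SERVERS.NET.") + encode_name("NSTLD.VERISIGN-GRS.COM.")
             + struct.pack("!5I", 2008062800, 1800, 900, 604800, 86400))
    soa = encode_name(".") + struct.pack("!HHIH", TYPE_SOA, CLASS_IN, 86400, len(rdata)) + rdata
    return header + question + soa

if __name__ == "__main__":
    print(classify(sample_response(0)), classify(sample_response(3)))
```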