On Tue, 16 Sep 2003, Bruce Campbell wrote:
> On Tue, 16 Sep 2003, Edward Lewis wrote:
>
> > At 14:18 +0100 9/16/03, Zefram wrote:
> > >It is necessary that the wire protocols distinguish between existence and
> > >non-existence of resources in a standard manner (NXDOMAIN in this case)
> > >in order to give the client the choice of how to handle non-existence.
>
> [ on dns not the best choice for authoritative non-existence ]
>
> > are not in the reverse DNS map. So, to those who were relying on DNS
> > for "existence" or "legitimacy," perhaps they need to consider an
> > alternate method. (Namely something like whois or crisp.)
>
> I'm not sure whether that's a good idea. The main fuss at the moment,
> apart from Verisign acting without consultation, is that a lot of
> automated software makes the assumption that 'NXDOMAIN' means 'Does Not
> Exist'. Adding the wildcard removes this assumption, and removes DNS as a
> useful stateless low-overhead method of existence-verification.

Err, actually, it's the opposite that they are assuming. They assume that
lack of an NXDOMAIN means the domain does exist. That is an invalid
assumption.

> For these items of software to change from using a stateless method of
> existence-verification with low overhead, to using a semi-stateless method
> of existence-verification with high overhead, is something akin to the Y2K
> bug in scope, albeit without all the hype.

The correct way to check for "domain existence" for email is to look up an
MX record.

> Operationally, having one's not-low-overhead whois server being hit by
> automated queries solely for existence-verification is a terrible state of
> affairs.

One shouldn't be doing whois queries. One just wants to know if the domain
of the sender can receive email back.

--Dean
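
The two checks discussed in this message, compared on a zone with and without a wildcard, as an added example that is not part of the original post. The zone contents, the A-only wildcard, the function names and the simplified wildcard handling in `lookup` are all assumptions made for illustration.

```python
# Constructed zone: every name and address here is illustrative sample data.
ZONE = {
    ("registered.example.", "MX"): ["10 mail.registered.example."],
    ("registered.example.", "A"): ["192.0.2.10"],
    ("mail.registered.example.", "A"): ["192.0.2.25"],
    ("*.example.", "A"): ["192.0.2.99"],  # assumed registry-level wildcard, A only
}

def lookup(zone, name, rtype):
    """Answer a query as (rcode, records), with simplified wildcard synthesis."""
    name = name.lower().rstrip(".") + "."
    owners = {owner for owner, _ in zone}
    if name in owners:
        # Name exists: an empty answer is NOERROR/NODATA, not NXDOMAIN.
        return "NOERROR", zone.get((name, rtype), [])
    # Name is absent: only a wildcard at the immediate parent is considered.
    wildcard = "*." + name.split(".", 1)[1]
    if wildcard in owners:
        return "NOERROR", zone.get((wildcard, rtype), [])
    return "NXDOMAIN", []

def exists_by_rcode(zone, domain):
    """The assumption criticised above: no NXDOMAIN means the domain exists."""
    rcode, _ = lookup(zone, domain, "A")
    return rcode != "NXDOMAIN"

def accepts_mail_by_mx(zone, domain):
    """The check proposed above: the sender domain must publish an MX record.

    RFC 5321 delivery also falls back to an address record when no MX
    exists; this sketch deliberately checks MX only.
    """
    _, records = lookup(zone, domain, "MX")
    return bool(records)

def compare(zone, domain):
    return {"rcode": exists_by_rcode(zone, domain),
            "mx": accepts_mail_by_mx(zone, domain)}

def without_wildcard(zone):
    return {k: v for k, v in zone.items() if not k[0].startswith("*.")}

if __name__ == "__main__":
    for label, zone in (("wildcard", ZONE), ("no wildcard", without_wildcard(ZONE))):
        for domain in ("registered.example", "unregistered.example"):
            print(label, domain, compare(zone, domain))
```

With the wildcard present, the unregistered name passes the rcode check but still fails the MX check, because the wildcard synthesizes an answer only for the record type it carries.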