Re: Update of RFC 2606 based on the recent ICANN changes ?

Mon, 07 Jul 2008 15:50:26 -0700 

On Mon, Jul 07, 2008 at 02:25:31PM -0700, Ted Faber wrote:
> On Mon, Jul 07, 2008 at 02:04:31PM -0700, Bill Manning wrote:
> > On Mon, Jul 07, 2008 at 01:44:28PM -0700, Ted Faber wrote:
> > > On Mon, Jul 07, 2008 at 01:38:28PM -0700, Ted Faber wrote:
> > > > On Mon, Jul 07, 2008 at 01:32:10PM -0700, [EMAIL PROTECTED] wrote:
> > also...  
> > % dig version.bind txt chaos @128.9.160.161
> > ;; ANSWER SECTION:
> > version.bind.           0S CHAOS TXT    "9.4.2"
> > 
> >     so - recent resolver code does this trick.
> 
> Fair enough.  Perils of working for ISI, I suppose - modern
> infrastructure.
> 
> Not to argue with someone who's forgotten more about DNS than I know,
> but I was able to get it to work from zig.usc.edu as well. On zig (a
> Linux box talking to an ambiguously identified "USC Bind 9x" server)
> ping needed the trailing dot on hk. to work.  And by "got it to work, I
> mean "typed ping".  I also had no trouble on a FreeBSD machine talking
> to bind 9.3.3.  It works at home, too, but that's also a 9.4.2 bind.
> 
> -- 
> Ted Faber
> http://www.isi.edu/~faber           PGP: http://www.isi.edu/~faber/pubkeys.asc
> Unexpected attachment on this mail? See http://www.isi.edu/~faber/FAQ.html#SIG

        so... the point i was tryig to make was/is:

        simple queries only help if you know:
                ) the version of software running on your caching server
                and
                ) the search list defined by your "resolv.conf" 

        zig.usc.edu,
        boreas.isi.edu,
        luna-base.org,
        ep.net,
        lcs.mit.edu,
        comcast.net,

        all run slightly different caching code and variable search lists.

        you, me, Ted, Keith, John, et.al.  are going to see -slightly- different
        responses  when presenting our individual local caching servers with
        non-terminated DNS strings.

        Japp and Karl both hinted at this problem - local policy  is the worst 
policy,
        except for all the others.  Your local DNS admin can (and occasionally 
they do)
        toss you into a random walled-DNS garden that has only a passing 
similarity to
        what you think of as the "Internet".   
http://www.icann.org/committees/security/sac032.pdf
        is illustrative.  

-- 
--bill

Opinions expressed may not even be mine by the time you read them, and
certainly don't reflect those of any other entity (legal or otherwise).

_______________________________________________
Ietf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf

Reply via email to