Date: 24 Jan 2001 17:11:55 -0000
From: "D. J. Bernstein" <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
| Robert Elz writes:
| > We know that NS and MX records work,
| I'd like to see you explain that to the owner of www.monty.de.
I didn't say it wasn't possible to configure them to not work.
I said that they work usually, with any sane configuration.
The wild bouncing of delegations between .DE and .NET that exists
in that case is just too absurd for belief. To the owner of www.monty.de
I'd simply suggest that they go find an ISP who has half a clue how to
set up DNS delegations that work in practice. Let those who don't
just vanish from the scene.
| As for your insane suggestion that caches should stop rejecting poison:
| That wouldn't save www.monty.de; servers don't even _try_ to provide
| out-of-bailiwick glue any more. For example, the .de servers don't know
| the addresses of the monty.de servers (in .norplex.net), and the .net
| servers don't know the addresses of the norplex.net servers (in .de).
Yes, there does seem to have been rather a "going overboard" on
avoiding glue recently. This is an unfortunate effect of the way
the IETF and the markets work - anything that is ever seen as having
some kind of bad effects (in almost any circumstances) is condemned.
Then all traces of that are likely to be burned at the stake, whether
good of bad, needed or not.
It used to be that servers (caches really) would believe any old glue
from anywhere, and treat it as valuable as authoritative data direct
from an authoritative server. That was obviously stupid. So, that
gets fixed, fine. But because we can't trust people to upgrade their
old servers (caches) and we have to save them from themselves, we also
"fix" the servers to not send any glue, except when it is obvious from
simple inspection that it must be required. It has long been known
that delegations each of which name the other's servers breaks with
this overly restrictive glue methodology. If a server knows the address
records (which includes any case where they have been configured into it)
it should be sending them as the DNS specs call for. Then if the
recipient of that information decides that it has better information that
it would prefer to use (or would prefer to obtain more reliable information
from elsewhere) that's its choice.
kre
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
