Thus said Shane Hathaway on Wed, 18 Nov 2009 11:01:55 MST:
> I can't resolve folklore.org either. The problem is unrelated to BYU.
The domain is poorly delegated and seriously misconfigured. I'm amazed
that a DNS resolver is able to resolve it at all. RFC 1035 and RFC 1034
clearly define an NS record as a ``host name'' or a ``domain name,'' but
folklore.org's authoritative DNS servers clearly violate this and
publish what appears to be an IP address instead of a name.
>From RFC 1035:
------------------------------------------------------------------------
Section 3.3. Standard RRs
The following RR definitions are expected to occur, at least
potentially, in all classes. In particular, NS, SOA, CNAME, and PTR
will be used in all classes, and have the same format in all classes.
Because their RDATA format is known, all domain names in the RDATA
section of these RRs may be compressed.
<domain-name> is a domain name represented as a series of labels, and
terminated by a label with zero length. <character-string> is a single
length octet followed by that number of characters. <character-string>
is treated as binary information, and can be up to 256 characters in
length (including the length octet).
Section 3.3.11. NS RDATA format
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
/ NSDNAME /
/ /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
where:
NSDNAME A <domain-name> which specifies a host which should be
authoritative for the specified class and domain.
NS records cause both the usual additional section processing to locate
a type A record, and, when used in a referral, a special search of the
zone in which they reside for glue information.
------------------------------------------------------------------------
So, given the following information provided by folklore.org's
authoritative DNS servers, what should a DNS resolver do?
dnsq a www.folklore.org 202.157.182.142
1 www.folklore.org:
77 bytes, 1+1+1+0 records, response, authoritative, noerror
query: 1 www.folklore.org
answer: www.folklore.org 3600 A 206.184.208.53
authority: folklore.org 3600 NS 206.184.208.2
Should it treat 206.184.208.2 as a domain name (which is what the RFC
says will be included in an NS record)? Or should it treat it as an
undefined situation? Or should it try to be ``lenient'' on the clueless
admin? Given the latter, what would happen then if someone actually did
happen to own a DNS name of 208.2 and tried to delegate? Would said
``lenient'' software be able to resolve that domain?
Indeed, if you ask the root DNS servers they tell you NXDOMAIN for
206.184.208.2, which they should because nobody currently has that
domain registered.
I'm not at all surprised that some people are able to resolve this
domain while others are not. The domain is clearly broken.
Andy
--
[-----------[system uptime]--------------------------------------------]
1:10pm up 1:55, 2 users, load average: 1.18, 1.18, 1.21
/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
