At 9:38 PM +0100 2003/02/09, Stefan Paletta wrote:
[please do not explicitly send copies of followups to me]
Roger.
The ability to hand out referrals has an administrative overhead and is thus more prone to errors. The recent misconfiguration of NS.EU.NET is a good example for that.
It does require more network traffic, yes. But the specific IP addresses should not be paid attention to by anyone -- all they should record is that they got a response that basically said "Sorry, I don't have this information -- if you like, you may try asking this question of these machines".
Most importantly, responding with a SERVFAIL is RFC compliant.
I am not yet convinced of this. Yes, I've read the namedroppers traffic. But so far as I know, this issue has never been put into a ID, BCP, or standards-track RFC. Therefore, a very small community of people have discussed this issue in very isolated circumstances, and IMO this has not received sufficient review to be considered "RFC compliant".
Are you suggesting that different demands for conformance should be applied to root/TLD nameservers vs. others?
Depends on what you're testing against.
There is btw. nothing in the announcements of and documentation for NSD to suggest that it might not be designed or fit for use as a general-purpose authoritative nameserver.
Understood. However, obviously people are now mis-using it in this fashion (perhaps even at my behest, as a result of my presentation at LISA 2002), otherwise the original report would never have been generated. Therefore, I believe that making this point explicit is a very good idea. -- Brad Knowles, <brad.knowles@skynet.be> "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin, Historical Review of Pennsylvania. GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+ !w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++) tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)