On 5 Oct 2011, at 07:22, Kostas Zorbadelos wrote:
> .... Of course, the solution involves NXDOMAIN remapping.
> We as technical people are against the idea.

Well duh! :-)

> Apart from technical implications that are difficult to explain to non-technical people, we would like to have some arguments supporting our position.

IMO Kostas, technical arguments are probably not going to be heard, no matter how distinguished the DNS experts are. Though one killer argument against NXDOMAIN rewriting could be DNSSEC. First off, it stops this nonsense. Or it reduces the scope for selling adverts when customers switch on DNSSEC or switch to a (paid for?) "secure" DNS resolving service. Next, DNSSEC deployment will be made more tricky for you if there are NXDOMAIN rewriters spreading their special kind of magic inside your network.

Increased operating and support costs might support your position. For instance, maybe you'll need an extra DNS infrastructure: a "clean" one to run the network and another to do NXDOMAIN rewriting. [Maybe you'll have yet another for customers who expect a DNS service that doesn't tell lies.] This will of course complicate things and make life difficult for those doing customer support. For instance, what they see with the "clean" DNS is not the same as what the customers see. Bad Things happen to various services like email: mail goes to the IP address that serves up adverts instead of getting bounced. This could have all sorts of nasty legal issues: privacy, lawful intercept, etc. Remember the IAB statement on wildcarding which followed the SiteFinder debacle?

However I doubt the beancounters and other members of the B ark will care about any of this. They will be salivating at the prospect of earning zillions from pay-per-click. So I think you need to construct arguments on business grounds: cost/benefit analysis, return on investment, customer support issues, etc. Questions that might be worth asking are how much money has the subsidiary spent on its NXDOMAIN solution, how much revenue it raises, what are the actual operating costs. I expect honest answers to these should settle the issue in your favour. Though the inevitable problem in most organisations is hardly anyone knows what DNS actually costs to run or the business impact of any service disruption.
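
The gap between the "clean" DNS and what customers see, described in the message above, can be measured from the wire format. This is an added example, not part of the original message: it parses DNS responses to probe names that cannot exist and reports the address a rewriting resolver substitutes for NXDOMAIN (RCODE 3). The function names, the verdict labels, the `.invalid` probe names and the 192.0.2.10 documentation address are all constructed for illustration.

```python
import struct

def make_response(qname, rcode, a_records=()):
    """Build a constructed DNS response (sample input, not captured traffic)."""
    msg = struct.pack("!6H", 0x1234, 0x8180 | rcode, 1, len(a_records), 0, 0)
    for label in qname.split("."):
        msg += bytes([len(label)]) + label.encode()
    msg += b"\x00" + struct.pack("!2H", 1, 1)            # QTYPE=A, QCLASS=IN
    for ip in a_records:
        msg += struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4)  # owner = pointer to offset 12
        msg += bytes(int(octet) for octet in ip.split("."))
    return msg

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:
            return off + 2
        if length == 0:
            return off + 1
        off += 1 + length

def classify(msg):
    """Classify the answer to a query for a name known not to exist."""
    _, flags, qdcount, ancount, _, _ = struct.unpack("!6H", msg[:12])
    off, addrs = 12, []
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4                    # skip QTYPE + QCLASS
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:                    # A record
            addrs.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    rcode = flags & 0x000F
    if rcode == 3 and not addrs:
        return "honest-nxdomain", addrs
    if rcode == 0 and addrs:
        return "rewritten", addrs
    return "other", addrs

def rewriting_target(responses):
    """Address shared by every probe answer if all were rewritten, else None."""
    results = [classify(m) for m in responses]
    if not results or any(verdict != "rewritten" for verdict, _ in results):
        return None
    common = set(results[0][1]).intersection(*(a for _, a in results[1:]))
    return min(common) if common else None
```

Comparing the result for the same probe names against the "clean" resolvers and the customer-facing ones gives support staff a concrete record of where the two views diverge.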