Hey, SiteFinder is back, again...

Steven M. Bellovin smb at cs.columbia.edu
Tue Nov 6 13:19:30 UTC 2007

On Mon, 5 Nov 2007 23:46:08 -0800
"Christopher Morrow" <christopher.morrow at gmail.com> wrote:

> On 11/5/07, Eliot Lear <lear at cisco.com> wrote:
> >
> > Cough.  So, how much is that NXDOMAIN worth to you?
> So, here's the problem really... NXDOMAIN is being judged as a
> 'problem'. It's really only a 'problem' for a small number of
> APPLICATIONS on the Internet. One could even argue that in a
> web-browser the 'is nxdomain a problem' is still up to the browser to
> decide how best to answer the USER of that browser/application. Many,
> many applications expect dns to be the honest broker, to let them know
> if something exists or not and they make their minds up for the upper
> layer protocols accordingly.
> DNS is fundamentally a basic plumbing bit of the Internet. There are
> things built around it operating sanely and according to generally
> accepted standards. Switching a behavior because you believe it to be
> 'better' for a large and non-coherent population is guaranteed to
> raise at least your support costs, if not your customer-base's ire.
> Assuming that all the world is a web-browser is at the very least
> naive and at worst wantonly/knowingly destructive/malfeasant.
> MarkA and others have stated: "Just run a cache-resolver on your local
> LAN/HOST/NET", except that's not within the means of
> joe-random-sixpack, nor is it within the abilities of many
> enterprise/SMB folks, talking from experience chatting up misbehaving
> enterprise/banking/SMB customers first hand. What's to keep the ISP
> from answering: provider-server.com when they ask for Yahoo.com or
> Google.com or akamai-deployed-server.com aside from (perhaps) a threat
> of lawyers calling?

Hey -- I can so run a cache/resolver...

More seriously: you're right; most people can't and won't.  But a
majority of customers in that space are using small NATs.  Those
certainly can; in fact, they often do.  It's just that today, they
simply talk to their upstreams, rather than starting from the root and
going down.

		--Steve Bellovin, http://www.cs.columbia.edu/~smb

More information about the NANOG mailing list