What DNS Is Not

David Conrad drc at virtualized.org
Thu Nov 26 15:38:48 CST 2009


Dan,

On Nov 26, 2009, at 10:25 AM, Dan White wrote:
> On 26/11/09 07:37 -0800, David Conrad wrote:
>> There are folks on this list who work for ISPs which are doing wildcards/synthesis/etc.  They (or, more likely their management) can tell you there are obvious business reasons why they do wildcards/synthesis/etc.  Perhaps I'm overly cynical, but I suspect that until those business reasons go away, shining a flashlight will probably just result in more ISPs implementing wildcards/synthesis/etc.
> 
> That's a disagreement we'll have to have. Anytime this issue has been brought
> up in a public setting (here, slashdot, etc.) has resulted in terrible press
> and even corrective action. In particular, Network Solutions' attempt to
> at this at the .com level was corrected.

Right.  And since then, ICANN has contractually disallowed gTLD registries from doing SiteFinder-like services (unless they can demonstrate such a service won't have a negative security/stability impact).  However, as I said, ICANN has no control over what ccTLDs do and there are 12 doing wildcards/synthesis/NXDOMAIN redirection/etc. as I type this, namely:

CG (Congo) -- Web redirects to the registry website to register a .CG domain.
KR (South Korea) -- If it is a non IDNA-encoded IDN, converts to IDNA. For ASCII, generates a “fake” page-not-found error for web requests.
NU (Niue) -- Web requests solicit you to register the domain.
PH (Philippines) -- Web requests solicit you to register the domain.
PW (Palau) -- File not found error. Uses an invalid SSL certificate.
RW (Rwanda) -- Connection time out (wildcard site is down)
ST (Sao Tome) -- Web requests solicit you to register the domain. Uses an invalid SSL certificate.
TK (Tokelau) -- Connection refused (wildcard site is down)
VG (Virgin Is., UK) -- Web requests solicit you to register the domain.
VN (Viet Nam) -- Web requests solicit you to register the domain.
WS (Samoa) -- Web requests solicit you to register the domain.
CN (China) -- Uses synthesis for IDN labels. Returns NXDOMAIN for ASCII labels.

However, that's different than what I thought we were talking about.  I thought we were talking about ISPs doing wildcards/synthesis/NXDOMAIN redirection/etc.  There are a number of ISPs that do this, some of which are quite well known (there is even an Internet Draft on the techniques, see http://tools.ietf.org/html/draft-livingood-dns-redirect-00).  Pretty large flashlight...

Regards,
-drc
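
Added example, not part of the original message: a probe for the wildcard/synthesis/NXDOMAIN redirection behaviour discussed above, which looks up random labels that should not exist under a zone and reports whether they get answers anyway. The function names, the `constructed_resolver` stand-in and the `wild.example` / `192.0.2.10` values are assumptions made for illustration.

```python
import secrets
import socket

def system_resolve(name):
    """Addresses the local stub resolver returns for name; empty set on any failure."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        # getaddrinfo does not separate NXDOMAIN from SERVFAIL or a timeout,
        # so the verdict below is "no_answer" rather than "nxdomain".
        return set()

def probe_wildcard(zone, resolve=system_resolve, probes=3):
    """Look up random labels under zone that nobody has registered.

    Returns (verdict, addresses):
      "synthesized"  - every random label got an answer (wildcard or redirection)
      "no_answer"    - none did, as expected for names that do not exist
      "inconclusive" - mixed results; repeat the probe or query with a DNS library
    """
    zone = zone.strip(".")
    seen, answered = set(), 0
    for _ in range(probes):
        label = "nx-" + secrets.token_hex(12)  # 96 random bits per label
        addrs = set(resolve(f"{label}.{zone}"))
        if addrs:
            answered += 1
            seen |= addrs
    if answered == probes:
        return "synthesized", seen
    if answered == 0:
        return "no_answer", set()
    return "inconclusive", seen

def constructed_resolver(name):
    """Constructed stand-in for a resolver: wild.example is wildcarded, nothing else."""
    return {"192.0.2.10"} if name.endswith(".wild.example") else set()

if __name__ == "__main__":
    for zone in ("wild.example", "clean.example"):
        print(zone, probe_wildcard(zone, resolve=constructed_resolver))
```

Because the probe checks DNS answers rather than the web page behind them, it also flags zones whose wildcard target is down, as in the RW and TK entries above. ISP-level redirection only shows up when the lookups go through that ISP's resolver, so run it from the network being audited.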




