NXDOMAIN Resolvers

Matthew Pounsett matt at conundrum.com
Wed Apr 20 15:51:37 UTC 2022


On Wed, Apr 20, 2022 at 11:00 AM Antonia Affinito <antoniaaffinito12 at gmail.com> wrote:

> Good morning,
> I am currently analysing the DNS resolvers (local and public ones) in
> terms of protection and performance (in particular their speed).
> I noticed that, in case of a malicious domain name, some local resolvers
> send an NXDOMAIN and others a courtesy page address. Do you know if the
> resolvers (for example TIM, Wind or Fastweb) can return an NXDomain in
> order to protect their clients?
>

Resolvers are capable of rewriting a response to anything they want.  In
the case of filtering out known bad networks, you can find examples of both
rewriting to a courtesy web page and NXDOMAIN.  There is a scheme known as
Response Policy Zone[1] that hasn't been standardized (yet?) but is
available in some recursive DNS software, such as BIND, which lets you do
either.

As for which large operators respond in different ways, I'm afraid I can't
help you there.  I'm not aware of any surveys done of how individual large
operators implement their end user protection services.

[1]: <https://datatracker.ietf.org/doc/draft-vixie-dns-rpz/>
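To make the "lets you do either" point concrete, below is an added example (not from the original post) of a BIND Response Policy Zone that uses both rewrite styles side by side: a CNAME to "." tells the resolver to synthesise NXDOMAIN, while ordinary local data redirects the client to a courtesy page. The zone name rpz.example and the addresses are constructed; 192.0.2.10 is a documentation address standing in for an operator's block-page server.

```zone
; Constructed RPZ zone "rpz.example" (hypothetical name). It is activated in
; named.conf with:   response-policy { zone "rpz.example"; };
; Each record's owner name is the domain the policy applies to; the RDATA
; selects the action, as defined in the RPZ draft cited above.
$TTL 300
@                IN SOA   ns.rpz.example. hostmaster.rpz.example. (
                          2022042001 ; serial
                          3600 900 604800 300 )
                 IN NS    ns.rpz.example.

; Action 1: NXDOMAIN. A CNAME to the root name "." makes the resolver answer
; NXDOMAIN for this name; the wildcard extends it to every subdomain.
bad.example      IN CNAME .
*.bad.example    IN CNAME .

; Action 2: courtesy ("walled garden") page. Local data replaces the real
; answer, so the client ends up at the operator's block page instead.
phish.example    IN A     192.0.2.10
*.phish.example  IN A     192.0.2.10

; Action 3: NODATA (name exists, but no records). A CNAME to "*." selects it.
empty.example    IN CNAME *.

; Action 4: exempt one name from a broader rule; the exact-name match wins
; over the wildcard above, and rpz-passthru. returns the genuine answer.
ok.phish.example IN CNAME rpz-passthru.
```

The NXDOMAIN style is what a client sees as "domain does not exist", whereas the walled-garden style looks like a normal answer, which is why measurement studies see both behaviours from different operators.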