Verisign Responds

See the NANOG archives for my post regarding wildcard caching and set
comparison with additional resolver functionality for requesting whether the
resolver wishes to receive wildcards or NXDOMAIN.

oh... that wasn't a joke, then?

there won't be a protocol change of that kind, not in a million years.

Paul Vixie wrote:

> oh... that wasn't a joke, then?
>
> there won't be a protocol change of that kind, not in a million years.

It doesn't have to be a protocol change. Strictly an implementation change. It would break less than the current implementation change y'all made can break. Whether or not resolver functionality for application support is included doesn't really matter. The ability to tell the recursor to accept or not accept the wildcard records is functional and doesn't care about delegation; strictly, whether the record returned matched a wildcard set. It performs the same service that the delegation patches did, except it won't break TLDs like .de.

-Jack

> oh... that wasn't a joke, then?
>
> there won't be a protocol change of that kind, not in a million years.

It doesn't have to be a protocol change. Strictly an implementation change.

you are confused. and in any case this is off-topic. take it to namedroppers,
but before you do, please read RFCs 1033, 1034, 1035, 2136, 2181, and 2317.

Paul Vixie wrote:

> you are confused. and in any case this is off-topic. take it to namedroppers,
> but before you do, please read RFCs 1033, 1034, 1035, 2136, 2181, and 2317.

Can someone please tell me how a change to a critical component of the Internet which has the capacity to cause harm is not an operational issue?

A TLD issues a wildcard. Instead of discovering if records match the wildcard and returning NXDOMAIN (which is what everyone wanted), the software was designed to restrict records based on delegation.

Delegation was not broken. The changes made allow engineers to break it. I'd consider this an issue. Reports have already come in of all the various domains that people will mandate delegate-only for. For the record, .museum was listed several times despite the request in the documentation not to force delegation, as were other zones.

In fact, many people were confused. They didn't understand what zone delegation was. For the record, I've read all the RFCs you posted. To many, it's an issue of wildcards. Yet BIND didn't solve the wildcard problem. It solved a delegation problem, which was not only "not broken" but has traditional use.

Which "countermeasures" being implemented did the IAB have an issue with? I wonder, since their argument against the wildcards was the fact that it breaks traditional use. BIND now easily breaks traditional use.

-Jack
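The distinction Jack draws above (and in his first post about wildcard caching and set comparison) is between a recursor that rejects every non-delegation answer from a TLD and one that rejects only answers whose record set matches the TLD's wildcard. The following toy model is an added example, not code from this thread, from BIND or from Verisign. The TLD "tld.", its zone contents and the addresses (RFC 5737 documentation space) are constructed; the authoritative side is a simplified stand-in for a real server, and the delegation-only filter follows the thread's description rather than BIND's actual configuration (apex records and glue are left out of the toy).

```python
"""Toy model of the two wildcard countermeasures argued over in this
thread. Added example: not code from the thread, from BIND or from
Verisign. Zone contents, names and addresses are constructed (the TLD
"tld." is hypothetical; addresses are RFC 5737 documentation space)."""
import random
import string

NXDOMAIN = "NXDOMAIN"
TLD = "tld."

# Constructed TLD zone: one delegation, one host served directly from the
# TLD zone (the "traditional use" the thread says delegation-only
# filtering breaks) and a wildcard that synthesizes an answer for every
# name that would otherwise be NXDOMAIN.
ZONE = {
    "delegated.tld.": ("NS", {"ns1.delegated.tld."}),
    "host.tld.": ("A", {"192.0.2.50"}),
    "*.tld.": ("A", {"192.0.2.1", "192.0.2.2"}),
}


def authoritative(zone, name):
    """Answer as the TLD's authoritative server would: exact match,
    referral for names under a delegation, wildcard synthesis when no
    closer name exists (simplified RFC 1034 section 4.3.3), else NXDOMAIN."""
    if name in zone:
        rtype, rdata = zone[name]
        return name, rtype, set(rdata)
    labels = name.split(".")
    for i in range(1, len(labels) - 2):          # ancestors below the apex
        parent = ".".join(labels[i:])
        if parent in zone:
            rtype, rdata = zone[parent]
            if rtype == "NS":
                return parent, "NS", set(rdata)  # referral to the delegation
            return name, NXDOMAIN, set()         # closer encloser exists: no wildcard match
    if "*." + TLD in zone:
        rtype, rdata = zone["*." + TLD]
        return name, rtype, set(rdata)           # synthesized from the wildcard
    return name, NXDOMAIN, set()


def delegation_only(answer):
    """The delegation-only behaviour the thread criticises, as described
    there: from the TLD, accept referrals and turn every other answer into
    NXDOMAIN, whether or not it came from the wildcard."""
    name, rtype, rdata = answer
    if rtype == "NS":
        return answer
    return name, NXDOMAIN, set()


def probe_wildcard(zone, zone_name):
    """Learn the TLD's wildcard answer set by querying a random label that
    cannot exist; an empty set means the zone has no wildcard."""
    label = "".join(random.choices(string.ascii_lowercase, k=24))
    _, rtype, rdata = authoritative(zone, f"{label}.{zone_name}")
    return frozenset(rdata) if rtype == "A" else frozenset()


def wildcard_set_filter(zone, zone_name, answer, cache):
    """Wildcard caching and set comparison as proposed in the thread: the
    recursor caches the probed wildcard set per zone and answers NXDOMAIN
    only when an A answer's rdata set equals it. Referrals and in-zone
    hosts with their own addresses pass through untouched."""
    name, rtype, rdata = answer
    if rtype != "A":
        return answer
    if zone_name not in cache:
        cache[zone_name] = probe_wildcard(zone, zone_name)
    if cache[zone_name] and frozenset(rdata) == cache[zone_name]:
        return name, NXDOMAIN, set()
    return answer


def resolve_both(name, cache=None):
    """Return ((rtype, rdata) under delegation-only filtering,
               (rtype, rdata) under wildcard-set filtering) for one name."""
    cache = {} if cache is None else cache
    answer = authoritative(ZONE, name)
    return (delegation_only(answer)[1:],
            wildcard_set_filter(ZONE, TLD, answer, cache)[1:])


if __name__ == "__main__":
    cache = {}
    for q in ("host.tld.", "nosuch.tld.", "www.delegated.tld."):
        d_only, w_set = resolve_both(q, cache)
        print(f"{q:22} delegation-only={d_only}  wildcard-set={w_set}")
```

Running it shows the point of the argument: "host.tld." (a host record served straight from the TLD zone) becomes NXDOMAIN under delegation-only filtering but survives set comparison, while "nosuch.tld." is turned into NXDOMAIN by both and the referral for "www.delegated.tld." passes through both. Two caveats a practitioner would add, which the thread does not discuss: a real host whose record set happens to equal the wildcard set would also be suppressed, and the cached wildcard set has to be refreshed (at least per TTL) or a change to the wildcard silently defeats the comparison.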

The fact of the change is operational. The specifics may not be. In
this case, you've gone beyond general operational content and started
to delve into protocol specifications and the implementation thereof
for which there is a dedicated list in which there are people with
quite a bit more average knowledge and experience in the matter than
folks here.

IMO, namedroppers is definitely the better forum.