Date: Tue, 8 Dec 1998 00:25:02 -0800 (PST)
From: Marc Slemko <marcs@znep.com>
To: Tony Kimball <alk@pobox.com>
Cc: net@FreeBSD.ORG
Subject: Re: resolver behaviour
Message-ID: <Pine.BSF.4.05.9812080012100.463-100000@alive.znep.com>
In-Reply-To: <13932.37544.359322.844613@avalon.east>

On Mon, 7 Dec 1998, Tony Kimball wrote:

> Quoth Christopher Nielsen on Mon, 7 December:
> : As has been stated previously by many others, the solution to this problem
> : is NOT to hack the resolver (this is not the location of the problem), but
> : to have the domain administrator fix the problem with their broken DNS.
>
> It's a non-solution, though. A hack can actually ameliorate the
> problem, and enhance end-user function, whereas idealism won't even do
> that.

You can ameliorate whatever you want, but it is NOT a proper solution and does not fix the problem while at the same time having a very high overhead that simply isn't worth it.

If a server is listed as authoritative and returning bad responses, then it is broken, period. You can add hacks here and there to try to work around some of those cases, but the only solution is for it to be fixed. Hiding the problem doesn't solve it and does not result in a workable long term design.

What if NXDOMAIN is the correct answer and it is the server that is returning something else which is broken or out of date? If some servers improperly return NXDOMAINs, it is quite likely they will also return other bogus information.

Your suggestions would significantly increase nameserver traffic for absolutely no good reason. Take a look at traffic on a real network someday; I think you will be surprised by the number of NXDOMAINs.

Your proposal significantly reduces the ability to scale nameservers just by adding another machine, since the total load will be increased simply by having more listed.

There is a fundamental assumption in DNS that an authoritative nameserver is either authoritative with correct information or not authoritative at all. It is a fundamental flaw in the design or implementation of DNS services if a server is authoritative with incorrect information. False NXDOMAINs are only a very very small part of the problems that exist in this situation.

In the real world, adding hacks upon hacks upon hacks designed to deal with all sorts of special cases ends up breaking more than it fixes. All these little hacks may look like good ideas on the surface, but that doesn't mean they are.