Date: Sun, 24 Aug 1997 22:47:20 +0100
From: Brian Somers <brian@awfulhak.org>
To: sthaug@nethelp.no
Cc: brian@awfulhak.org, mike@smith.net.au, freebsd-hackers@FreeBSD.ORG
Subject: Re: Broken resolver/named
Message-ID: <199708242147.WAA07834@awfulhak.org>
In-Reply-To: Your message of "Sun, 24 Aug 1997 18:24:39 +0200." <28457.872439879@verdi.nethelp.no>

> > So I send a query to my forwarder that asks for "x", and it looks it
> > up ? What's it likely to find ? The worst case would be
> > ``x.demon.co.uk'' (my ISP's domain) which is dumb (and why named
> > disables the LOCALDOM stuff by default). The normal case would be
> > the generation of a load of useless DNS traffic.
>
> How can your resolver know which queries are useless, unless it asks
> the DNS? How can it know that "no" is a valid top level domain, while
> "nx" is not?
>
> > > There's nothing there needs fixing, AFAICT.
>
> Maybe the manual pages, but the resolver itself is doing what it should.

Yep. We shouldn't say that the domain keyword "climbs" the name.

> > Well, if anything, the "domain ..." isn't behaving - it should try
> > x.lan.awfulhak.org, x.awfulhak.org and x.org. I also suggest that
> > "search ..." is broken either in a similar way or because it should
> > behave as I originally suggested.
>
> Read RFC 1535 to see why having this search behavior as default is not
> a good idea (it's a security hole, and generates a lot of unnecessary
> traffic).

I agree. It's a bit unintuitive too. But this doesn't explain where
the ``x'' lookup is coming from. This is a bad thing to pass to another
DNS.... who knows who's spoofed us then !

> Steinar Haug, Nethelp consulting, sthaug@nethelp.no
--
Brian <brian@awfulhak.org>, <brian@freebsd.org>
<http://www.awfulhak.org>
Don't _EVER_ lose your sense of humour....
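
Added example, not part of the original message and not BIND or FreeBSD resolver code: a small model of the two lookup orders argued about in this thread, showing which candidate names would be sent to servers outside the local administrative domain (the RFC 1535 concern). The function names, and the assumption that the bare name is tried last, are illustrative.

```python
# Added illustration of the lookup orders discussed in the thread.
# Hypothetical helper names; this is a model, not resolver source code.

def climb_candidates(name, local_domain, min_labels=1):
    """Implicit 'climbing': append the local domain, then each parent of it."""
    if name.endswith("."):                 # trailing dot: absolute, no search
        return [name.rstrip(".")]
    labels = local_domain.strip(".").split(".")
    out = [name + "." + ".".join(labels[i:])
           for i in range(len(labels) - min_labels + 1)]
    out.append(name)                       # assumption: bare name tried last
    return out

def search_candidates(name, search_list):
    """Explicit search list: only the suffixes the administrator wrote down."""
    if name.endswith("."):
        return [name.rstrip(".")]
    return [name + "." + s.strip(".") for s in search_list] + [name]

def leaves_domain(candidates, admin_domain):
    """Candidates not inside admin_domain: their answers are controlled by
    whoever runs (or spoofs) some other zone."""
    admin = admin_domain.strip(".").lower()
    return [c for c in candidates
            if c.lower() != admin and not c.lower().endswith("." + admin)]

if __name__ == "__main__":
    # Constructed inputs taken from the names used in the thread.
    climbed = climb_candidates("x", "lan.awfulhak.org")
    listed = search_candidates("x", ["lan.awfulhak.org", "awfulhak.org"])
    print("climbing :", climbed, "-> leaves domain:",
          leaves_domain(climbed, "awfulhak.org"))
    print("search   :", listed, "-> leaves domain:",
          leaves_domain(listed, "awfulhak.org"))
```

In this model, climbing sends both x.org and the bare x outside awfulhak.org, while the explicit search list leaves only the bare x; a trailing dot on the name suppresses the search entirely.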
