From owner-freebsd-hackers Sun Aug 24 14:48:10 1997
Return-Path:
Received: (from root@localhost)
    by hub.freebsd.org (8.8.7/8.8.7) id OAA23640
    for hackers-outgoing; Sun, 24 Aug 1997 14:48:10 -0700 (PDT)
Received: from awfulhak.demon.co.uk (awfulhak.demon.co.uk [158.152.17.1])
    by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id OAA23635
    for ; Sun, 24 Aug 1997 14:48:02 -0700 (PDT)
Received: from awfulhak.org (dev.lan.awfulhak.org [10.0.1.5])
    by awfulhak.demon.co.uk (8.8.5/8.8.5) with ESMTP id WAA02794;
    Sun, 24 Aug 1997 22:47:21 +0100 (BST)
Received: from dev.lan.awfulhak.org (localhost [127.0.0.1])
    by awfulhak.org (8.8.7/8.8.6) with ESMTP id WAA07834;
    Sun, 24 Aug 1997 22:47:20 +0100 (BST)
Message-Id: <199708242147.WAA07834@awfulhak.org>
X-Mailer: exmh version 2.0zeta 7/24/97
To: sthaug@nethelp.no
cc: brian@awfulhak.org, mike@smith.net.au, freebsd-hackers@FreeBSD.ORG
Subject: Re: Broken resolver/named
In-reply-to: Your message of "Sun, 24 Aug 1997 18:24:39 +0200."
    <28457.872439879@verdi.nethelp.no>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Sun, 24 Aug 1997 22:47:20 +0100
From: Brian Somers
Sender: owner-freebsd-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

> > So I send a query to my forwarder that asks for "x", and it looks it
> > up ?  What's it likely to find ?  The worst case would be
> > ``x.demon.co.uk'' (my ISP's domain) which is dumb (and why named
> > disables the LOCALDOM stuff by default).  The normal case would be
> > the generation of a load of useless DNS traffic.
>
> How can your resolver know which queries are useless, unless it asks
> the DNS? How can it know that "no" is a valid top level domain, while
> "nx" is not?
>
> > > There's nothing there needs fixing, AFAICT.
>
> Maybe the manual pages, but the resolver itself is doing what it should.

Yep.  We shouldn't say that the domain keyword "climbs" the name.

> > Well, if anything, the "domain ..." isn't behaving - it should try
> > x.lan.awfulhak.org, x.awfulhak.org and x.org.  I also suggest that
> > "search ..." is broken either in a similar way or because it should
> > behave as I originally suggested.
>
> Read RFC 1535 to see why having this search behavior as default is not
> a good idea (it's a security hole, and generates a lot of unnecessary
> traffic).

I agree.  It's a bit unintuitive too.  But this doesn't explain where
the ``x'' lookup is coming from.  This is a bad thing to pass to
another DNS.... who knows who's spoofed us then !

> Steinar Haug, Nethelp consulting, sthaug@nethelp.no

--
Brian ,
Don't _EVER_ lose your sense of humour....
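
Added example (not part of the thread and not FreeBSD resolver code): the candidate names for "x" under the "climbing" behaviour discussed above, next to an RFC 1535 style list, with a check for names that fall outside zones the site controls. The function names, the min_labels parameter and the trusted-zone set are assumptions made for illustration.

```python
def parents(domain, min_labels=1):
    """Return the domain and each of its parents, down to min_labels labels."""
    labels = domain.strip(".").lower().split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - min_labels + 1)]


def climbing_candidates(name, domain, min_labels=1):
    """Implicit 'climbing' search: append the local domain, then every parent.
    min_labels=1 reproduces the three names listed in the message."""
    return [f"{name}.{suffix}" for suffix in parents(domain, min_labels)]


def rfc1535_candidates(name, domain, search=()):
    """RFC 1535 style: a name containing a dot is tried as given first, the
    implicit list is the local domain only, and anything wider has to be an
    explicit, administrator-chosen search list."""
    out = [name] if "." in name else []
    suffixes = list(search) or [domain]
    return out + [f"{name}.{suffix}" for suffix in suffixes]


def outside_trusted(candidates, trusted_zones):
    """Return the candidates that are not inside any zone the site controls."""
    def under(qname, zone):
        return qname == zone or qname.endswith("." + zone)
    return [q for q in candidates
            if not any(under(q.lower(), z) for z in trusted_zones)]


if __name__ == "__main__":
    domain = "lan.awfulhak.org"     # local domain taken from the message
    trusted = {"awfulhak.org"}      # assumption: the zones this site runs
    for label, names in (
        ("climbing", climbing_candidates("x", domain)),
        ("rfc1535 ", rfc1535_candidates("x", domain)),
    ):
        print(label, names, "-> leaves site:", outside_trusted(names, trusted))
```

The climbing list ends with x.org, a name answered by whoever controls that zone, which is the exposure RFC 1535 describes.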