clueing in TLD registries for delegations to non-BIND servers
Brad Knowles
brad.knowles at skynet.be
Fri Feb 7 14:25:24 CET 2003
At 6:42 PM +0100 2003/02/06, Stefan Paletta wrote:

> I understand that nsd (as most non-BIND servers) returns SERVFAIL for
> questions for which it does have neither authoritative nor
> non-authoritative data (i.e. it is lame) and that this behaviour is
> RFC-conformant and certainly best-practice for authoritative-only servers.

Best practice? No, I would disagree most vehemently on that. If nsd is doing this, then I believe it needs to be fixed. Handing out a referral to the root zone is no more work than handing out SERVFAIL.

> Some TLD registries, however, make unreasonable demands regarding the
> behaviour of servers to which they delegate zones.

Unreasonable? No, I consider this to be best practice.

> These demands are highly questionable -to say the least- and are hard
> and sometimes impossible to follow for users of at least tinydns and
> nsd.

Hard for users of tinydns? Just what is required? Here's what the djbdns FAQ at <http://www.fefe.de/djbdns/> has to say:

    Tinydns does not answer at all when someone lamely delegates to it?

    Yes. You can add this line to your data file to simulate BIND
    behaviour:

    &::a.root-servers.net

While I believe this to be b0rken behaviour, and I definitely ding djbdns for doing this by default, this is not what I would consider to be particularly onerous if you have jumped through all the other necessary hoops, incredibly poor documentation, and bizarre data file formats in order to get djbdns running.

Now, for users of nsd, yes this is a serious problem. They are not given any choice. But then, nsd is not useful as a general-purpose authoritative nameserver -- it is designed as a root/TLD nameserver, and anyone who mis-uses or abuses it to try to serve as a general-purpose authoritative nameserver basically gets what they deserve.

> I was wondering if RIPE or a group from the RIPE community might
> appeal to those registries and try to make them stop acting stupid.

I would appeal to the authors of nsd to fix this and to have nsd generate referrals by default.

--
Brad Knowles, <brad.knowles at skynet.be>

"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
    -Benjamin Franklin, Historical Review of Pennsylvania.

GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+ !w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++) tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)
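
The behaviours discussed in this message (SERVFAIL, no answer at all, a referral to the root zone) can be told apart from the raw reply a delegated server sends. The following Python is an added example, not part of the original post or of nsd, tinydns or BIND; the function names and the sample replies are constructed for illustration, and REFUSED is included as a further lame response the thread does not mention.

```python
import struct

def encode_name(name):
    """Encode a domain name in uncompressed DNS wire format."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def skip_name(msg, off):
    """Return the offset just past the (possibly compressed) name at off."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:          # compression pointer terminates the name
            return off + 2
        off += 1 + n

def classify(msg):
    """Classify a reply to a query for a zone delegated to this server."""
    if msg is None:
        return "lame: no response"     # caller's query timed out
    try:
        _id, flags, qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
        aa, rcode = bool(flags & 0x0400), flags & 0x000F
        if rcode in (2, 5):
            return "lame: " + {2: "SERVFAIL", 5: "REFUSED"}[rcode]
        off = 12
        for _ in range(qd):
            off = skip_name(msg, off) + 4      # skip QTYPE and QCLASS
        if rcode == 0 and not aa and an == 0 and ns > 0:
            end = skip_name(msg, off)          # first authority record
            rtype = struct.unpack("!H", msg[end:end + 2])[0]
            if rtype == 2 and msg[off] == 0:   # NS record owned by "."
                return "lame: upward referral to root"
            return "referral"
        return "authoritative" if aa else "non-authoritative"
    except (IndexError, struct.error):
        return "malformed"

def build(flags, qname, authority=()):
    """Build a constructed reply: one A/IN question, NS records in authority."""
    msg = struct.pack("!6H", 0x1234, flags, 1, 0, len(authority), 0)
    msg += encode_name(qname) + struct.pack("!2H", 1, 1)
    for owner, target in authority:
        rdata = encode_name(target)
        msg += encode_name(owner) + struct.pack("!2HIH", 2, 1, 3600, len(rdata)) + rdata
    return msg

# Constructed sample replies (not captured traffic).
SERVFAIL = build(0x8002, "www.example.com")
ROOT_REFERRAL = build(0x8000, "www.example.com", [(".", "a.root-servers.net")])
AUTH = build(0x8400, "www.example.com")
```

Only the first authority record is inspected, which is enough to separate an upward referral from a downward one in replies of this shape.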