Re: DNS pollution



On Wed, Oct 11, 2006 at 01:03:24PM -0400,
 Keith Moore <moore at cs.utk.edu> wrote 
 a message of 28 lines which said:

> In the past month or so I've run across two separate ISPs that are
> apparently polluting the DNS by returning A records in cases where
> the authoritative server would either return NXDOMAIN or no answers.

Today, it is quite common and it is becoming more and more common.

> Is there anything that IETF as an organization, or IETF
> participants, can do to discourage this?

Producing an RFC 4084bis is, IMHO, the best way to go. Currently, RFC
4084 does not address this issue, only a related issue:

>   o DNS support.
>      Are users required to utilize DNS servers provided by the service
>      provider, or are DNS queries permitted to reach arbitrary servers?

So, there is IMHO a good reason to upgrade the RFC.

> To me this is fraud and unfair trade practice in addition to being a
> security threat

I agree but I believe it may be difficult to have a rough consensus on
this one. The RFC 4084 approach (naming things, in a standard way, so
that users can at least choose) may be better. Do note that, in some
cases I know about (such as Club Internet, the T-online subsidiary in
France), the ISP provides a set of normal name servers to the users
who want them, so they can claim that the user has a choice.

Another approach, not incompatible with this one, would indeed be to
produce a "Wildcards in DNS *resolvers* considered harmful" RFC. Any
volunteer for the first I-D? IMHO, this should be sent to the dnsop
WG and discussed there. A starting point may be (do note it addresses
wildcards in authoritative name servers, a related, but different,
issue) http://www.icann.org/topics/wildcard-history.html where the
technical papers raise the various concerns.




_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www1.ietf.org/mailman/listinfo/ietf




Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.
