On Mon, Jul 13, 2009 at 03:27:56PM +0100, ray.bel...@nominet.org.uk <ray.bel...@nominet.org.uk> wrote a message of 51 lines which said:
> At least when you do it on your recursive servers you're only affecting
> your own customers, who in most cases can vote with their wallets when
> they don't like it.

No, as I explained here:

If I type www.doesnotexistatall.com (the SLD does not exist and so I should get a NXDOMAIN), I get the IP address of the ad Web server. If I type wwww.afnic.fr, I will get this IP address as well, since the QNAME does not exist (four 'w' instead of three) despite the fact that the SLD does exist.

This is a very serious problem: when rewriting the NXDOMAIN of www.doesnotexistatall.com, you only harm the user. When rewriting the NXDOMAIN of wwww.afnic.fr, you harm the holder of afnic.fr as well, since the ad Web site will appear to be under this SLD.

Searching for a zone cut and not rewriting answers when there is a non-delegation domain in the path may be a solution, although I'm not sure it is possible to do it properly. (And I won't try since modifying DNS answers is a bad idea, anyway).

> When it's done on the authoritative servers no-one has a choice :(

But at least you do not violate the DNS protocol (unlike what the DNS lying resolvers do).

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
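The distinction drawn in the message above, as an added example that is not part of the original post: a check that parses a resolver's response to a probe name known not to exist, flags a rewritten NXDOMAIN, and reports whether the rewrite lands under an existing delegated domain. The set `REGISTERED_ZONES`, the answer address 192.0.2.1 and all function names are constructed assumptions; a real check would have to discover zone cuts with NS/SOA queries.

```python
import struct

# Constructed sample: domains assumed to be delegated to a holder (below the TLD).
REGISTERED_ZONES = {"afnic.fr"}

def build_response(qname, rcode, answer_ip=None):
    """Build a minimal DNS response to an A query (constructed test input)."""
    flags = 0x8180 | rcode                      # QR, RD, RA set, plus RCODE
    msg = struct.pack("!6H", 0x1234, flags, 1, 1 if answer_ip else 0, 0, 0)
    for label in qname.split("."):
        msg += bytes([len(label)]) + label.encode("ascii")
    msg += b"\x00" + struct.pack("!2H", 1, 1)   # root label, QTYPE=A, QCLASS=IN
    if answer_ip:                               # one A record, name compressed to offset 12
        msg += b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 60, 4)
        msg += bytes(int(octet) for octet in answer_ip.split("."))
    return msg

def parse_response(msg):
    """Return (qname, rcode, ancount) from the header and question section."""
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", msg[:12])
    labels, pos = [], 12
    while msg[pos] != 0:
        length = msg[pos]
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii").lower())
        pos += 1 + length
    return ".".join(labels), flags & 0x000F, ancount

def enclosing_zone(qname, zones):
    """Longest suffix of qname that is a known delegated zone, or None."""
    labels = qname.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None

def assess(msg, zones=REGISTERED_ZONES):
    """Classify a response to a probe whose QNAME is known not to exist."""
    qname, rcode, ancount = parse_response(msg)
    if rcode == 3:
        return "honest NXDOMAIN"
    if rcode == 0 and ancount > 0:              # NOERROR with data for a nonexistent name
        zone = enclosing_zone(qname, zones)
        if zone:
            return "rewritten: harms user and holder of " + zone
        return "rewritten: harms user only"
    return "other"
```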