Paul Wouters wrote: > > OLD: > 1) some stupid application asks for "mail" > 2) some resolver library interprets this as unqualified (maybe because > it did not resolve from the root), adds its own search domain > ".example.com" > and re-queries. > 3) resolver finds IP for mail.example.com and returns it > 3) stupid application happy > > NEW: > 1) some stupid application asks for "mail" > 2) same resolver library, now finding mail exists, does not add > search domain ".example.com" and returns NXDOMAIN. 3) stupid > application fails > > No, i do not know how common or uncommon or important/unimportant this > is. We would only know once this fails.
i can only repeat what you quoted: On Tue, 26 May 2015, Paul Vixie wrote: > > yes. i wrote a lot of the 15-year-old code in question. (actually some > of it is 25 years old.) NOERROR vs. NXDOMAIN doesn't matter. all that > matters is that there is no AAAA or A RR at "MAIL.", and that's already > a rule, so what we're discussing here (your mail.corp.com example) will > not be impacted. that is, NOERROR and NXDOMAIN have the same fallback path in the era you're worried about. -- Paul Vixie _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop