On Sat, 30 Sep 2006, Mark Andrews wrote:
> >
> > The better approach is for the WG to recommend to the in-addr.arpa
> > maintainer to put in delegations for 168.192.in-addr.arpa et al to be
> > delegated to 127.0.0.1. These delegation records should have the maximum
> > TTL.
>
> Because it also breaks responses to queries from nameservers that
> are NOT using these addresses.
How is that? I don't think it breaks anything: If nameservers (the
users) _really_ don't use those addresses, then they won't be making
those queries. But if they do make those queries (for which they aren't
properly configured), then they should EXPECT to get an error. Indeed,
they SHOULD get an error.
By contrast, AS112 silently gives a "wrong" answer, with no "error". The
answer is wrong because an answer is given to an unanswerable query.
This is bad since it prevents the nameserver operator from learning
about the misconfiguration.
> > This approach has two beneficial effects that AS112 doesn't
> > offer:
> >
> > 1) The nameserver operator with the misconfigured nameserver will begin
> > getting "recursion to self" errors, which will prompt corrective action.
> >
> > 2) The delegation records will be cached on the local nameserver,
> > reducing unnecessary traffic from the misconfigured nameserver.
>
> Because it only works when you get responses *back*. A
> large amout of this traffic is non-repliable by the roots.
The _delegations_ are reply-able. There are currently delegations to
(e.g. 168.192.in-addr.arpa):
168.192.in-addr.arpa. 300 IN NS blackhole-2.iana.org.
168.192.in-addr.arpa. 300 IN NS blackhole-1.iana.org.
This could be changed to give an address of 127.0.0.1. And these
records are cached.
--Dean
--
Av8 Internet Prepared to pay a premium for better service?
www.av8.net faster, more reliable, better service
617 344 9000
.
dnsop resources:_____________________________________________________
web user interface: http://darkwing.uoregon.edu/~llynch/dnsop.html
mhonarc archive: http://darkwing.uoregon.edu/~llynch/dnsop/index.html
