Re: [dmarc-ietf] Draft 10 notes: NXDOMAIN

2022-06-28 Thread Murray S. Kucherawy
(as participant) Yes, that's clearly a broken implementation. I imagine the DMARC document could say it relies on proper implementations of 8020, but improper ones are known to be in the wild, and results are unpredictable when these are encountered. Given the IETF is a standards organization, o

Re: [dmarc-ietf] Draft 10 notes: NXDOMAIN

2022-06-28 Thread Douglas Foster
I agree that NXDOMAIN is the correct test to use for the NP policy, and as close as we can get to perfection. As for the reference to RFC 8020, whether NXDOMAIN does or does not exclude subdomains, the effect on our specification is small. But it does seem important to not repeat information tha

Re: [dmarc-ietf] Draft 10 notes: NXDOMAIN

2022-06-28 Thread Scott Kitterman
On June 28, 2022 6:02:54 PM UTC, Todd Herr wrote:
>On Mon, Jun 27, 2022 at 8:36 PM Douglas Foster <dougfoster.emailstanda...@gmail.com> wrote:
>
>> My testing was done more than a year ago. My recollection is that I
>> discovered it based on something in the wild, and then confirmed it with

Re: [dmarc-ietf] Draft 10 notes: NXDOMAIN

2022-06-28 Thread Todd Herr
On Mon, Jun 27, 2022 at 8:36 PM Douglas Foster <dougfoster.emailstanda...@gmail.com> wrote:
> My testing was done more than a year ago. My recollection is that I
> discovered it based on something in the wild, and then confirmed it with a
> locally-configured experiment.
This time I am having

Re: [dmarc-ietf] Draft 10 notes: NXDOMAIN

2022-06-28 Thread Douglas Foster
Here is another example:
> 179.0.71.28.plusnetprovedor.net.br
Non-authoritative answer:
Name:179.0.71.28.plusnetprovedor.net.br
Address: 179.0.71.28
> 0.71.28.plusnetprovedor.net.br
0.71.28.plusnetprovedor.net.br: Non-existent domain
> 71.28.plusnetprovedor.net.br
71.28.plusnetprovedor.net

Re: [dmarc-ietf] Draft 10 notes: NXDOMAIN

2022-06-27 Thread Douglas Foster
My testing was done more than a year ago. My recollection is that I discovered it based on something in the wild, and then confirmed it with a locally-configured experiment. This time I am having trouble finding examples. The only one I can verify is from a previous email exchange on this foru

Re: [dmarc-ietf] Draft 10 notes: NXDOMAIN

2022-06-27 Thread John Levine
It appears that Todd Herr said:
>Specifically, for which domain name did you query and received an NXDOMAIN
>response, and for which subdomain node of that domain did you query and
>receive resource record(s) in return?
There are a few old buggy name servers that do that, but they're broken and

Re: [dmarc-ietf] Draft 10 notes: NXDOMAIN

2022-06-27 Thread Todd Herr
On Sun, Jun 26, 2022 at 1:27 PM Douglas Foster <dougfoster.emailstanda...@gmail.com> wrote:
> Our draft references and repeats RFC 8020, which asserts that
>
> "when a DNS resolver receives a response with a response code of NXDOMAIN,
> it means that the domain name which is thus denied AND ALL T

[dmarc-ietf] Draft 10 notes: NXDOMAIN

2022-06-26 Thread Douglas Foster
Our draft references and repeats RFC 8020, which asserts that "when a DNS resolver receives a response with a response code of NXDOMAIN, it means that the domain name which is thus denied AND ALL THE NAMES UNDER IT do not exist." My testing indicates that this is not correct. NXDOMAIN means tha