IAB Architectural statement on the use of wildcards in the DNS


 



 The Internet Architecture Board has issued a statement on Architectural
 concerns on the use of DNS wildcards.

 The full text is available from
 <http://www.iab.org/documents/docs/2003-09-20-dns-wildcards.html>

 Abstract:
 -----------------------------------------------------------------
 There are many architectural assumptions regarding DNS behavior that are
 not specified in the IETF standards documents describing DNS, but which are
 deeply embedded in the behavior of Internet protocols and applications.
 These assumptions are inherent parts of the network architecture of which
 the DNS is one component.

 It has long been known that it is possible to use DNS wildcards in ways
 that violate these assumptions.

 Recent deployments of DNS wildcards with A records at high levels in the
 DNS tree have shown by experience that the cost of violating these
 assumptions is significant. In this document we provide an explanation of
 how DNS wildcards function, and many examples of how their injudicious use
 negatively impacts both individual Internet applications and indeed the
 Internet architecture itself.

 In particular, we recommend that DNS wildcards should not be used in a zone
 unless the zone operator has a clear understanding of the risks, and that
 they should not be used without the informed consent of those entities
 which have been delegated below the zone.
 ------------------------------------------------------------------
 The contact person for the IAB on this matter is Harald Alvestrand
 <harald@alvestrand.no>.


