On Tue, 16 Sep 2003, Edward Lewis wrote:
> At 14:18 +0100 9/16/03, Zefram wrote:
> >It is necessary that the wire protocols distinguish between existence and
> >non-existence of resources in a standard manner (NXDOMAIN in this case)
> >in order to give the client the choice of how to handle non-existence.
[ on dns not the best choice for authoritative non-existence ]
> are not in the reverse DNS map. So, to those who were relying on DNS
> for "existence" or "legitimacy," perhaps they need to consider an
> alternate method. (Namely something like whois or crisp.)

I'm not sure whether that's a good idea. The main fuss at the moment,
apart from Verisign acting without consultation, is that a lot of
automated software makes the assumption that 'NXDOMAIN' means 'Does Not
Exist'. Adding the wildcard removes this assumption, and removes DNS as a
useful stateless low-overhead method of existence-verification.

For these items of software to change from using a stateless method of
existence-verification with low overhead, to using a semi-stateless method
of existence-verification with high overhead, is something akin to the Y2K
bug in scope, albeit without all the hype.

Operationally, having one's not-low-overhead whois server being hit by
automated queries solely for existence-verification is a terrible state of
affairs.

> PPS - Maybe this will raise the need for the CRISP WG to develop a protocol.

I can see a lot of people requesting a low-overhead stateless subset of
crisp/whois.
--
Bruce Campbell I speak for myself.
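
The following is an added example, not part of the original message: it shows the "NXDOMAIN means Does Not Exist" check the message describes, how a wildcard in the parent zone defeats it, and one way software can compensate by probing random labels. The resolver is a constructed in-memory stand-in (`make_zone`, the sample names and the addresses are all assumptions), so it runs offline.

```python
import secrets

def make_zone(registered, wildcard_addr=None):
    """Constructed stand-in for a TLD: returns a resolve(name) callable.
    None models an NXDOMAIN response."""
    def resolve(name):
        return registered.get(name, wildcard_addr)
    return resolve

def naive_exists(resolve, name):
    # The assumption the message describes: any answer means the name exists.
    return resolve(name) is not None

def wildcard_answers(resolve, parent, probes=3):
    """Addresses the parent zone returns for random, unregistered labels."""
    answers = set()
    for _ in range(probes):
        answer = resolve(f"{secrets.token_hex(16)}.{parent}")
        if answer is None:
            return set()  # a genuine NXDOMAIN: no wildcard in this zone
        answers.add(answer)
    return answers

def checked_exists(resolve, name):
    """Treat an answer that matches the zone's wildcard answer as non-existence."""
    answer = resolve(name)
    if answer is None:
        return False
    parent = name.rsplit(".", 1)[-1]
    # Caveat: a registered name that shares the wildcard's address is misjudged.
    return answer not in wildcard_answers(resolve, parent)

# Constructed sample data (documentation address ranges, not real records).
REGISTERED = {"example.com": "192.0.2.10"}
PLAIN = make_zone(REGISTERED)
WILDCARDED = make_zone(REGISTERED, wildcard_addr="198.51.100.1")

if __name__ == "__main__":
    for label, zone in (("plain", PLAIN), ("wildcarded", WILDCARDED)):
        for name in ("example.com", "nosuch-name.com"):
            print(label, name, naive_exists(zone, name), checked_exists(zone, name))
```

The compensating check costs extra probe queries per lookup unless the wildcard answers are cached per zone, which is the added overhead the message is concerned about.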