On Tue, 16 Sep 2003, Bruce Campbell wrote:

> On Tue, 16 Sep 2003, Edward Lewis wrote:
>
> > At 14:18 +0100 9/16/03, Zefram wrote:
> > >It is necessary that the wire protocols distinguish between existence and
> > >non-existence of resources in a standard manner (NXDOMAIN in this case)
> > >in order to give the client the choice of how to handle non-existence.
>
> [ on dns not the best choice for authoritative non-existence ]
>
> > are not in the reverse DNS map. So, to those who were relying on DNS
> > for "existence" or "legitimacy," perhaps they need to consider an
> > alternate method. (Namely something like whois or crisp.)
>
> I'm not sure whether that's a good idea. The main fuss at the moment,
> apart from Verisign acting without consultation, is that a lot of
> automated software makes the assumption that 'NXDOMAIN' means 'Does Not
> Exist'. Adding the wildcard removes this assumption, and removes DNS as a
> useful stateless low-overhead method of existence-verification.

Err, actually, it's the opposite that they are assuming. They assume that lack of an NXDOMAIN means the domain does exist. That is an invalid assumption.

> For these items of software to change from using a stateless method of
> existence-verification with low overhead, to using a semi-stateless method
> of existence-verification with high overhead, is something akin to the Y2K
> bug in scope, albeit without all the hype.

The correct way to check for "domain existence" for email is to look up an MX record.

> Operationally, having one's not-low-overhead whois server being hit by
> automated queries solely for existence-verification is a terrible state of
> affairs.

One shouldn't be doing whois queries. One just wants to know if the domain of the sender can receive email, back.

--Dean
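The distinction argued in this message, as an added example that is not part of the original thread: a sender-domain check that treats NXDOMAIN as non-existence but requires an MX answer, instead of reading "no NXDOMAIN" as existence. The function names, the sample domain names and the responses are constructed for illustration, and the wildcard is assumed to synthesize only A records.

```python
import struct

MX, A, NXDOMAIN = 15, 1, 3  # RR type codes and the "no such name" RCODE

def encode_name(name):
    """Encode a domain name as DNS length-prefixed labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def skip_name(msg, off):
    """Return the offset just past a name (labels or a compression pointer)."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_response(msg):
    """Return (rcode, [answer RR types]) from a raw DNS response."""
    _, flags, qd, an, _, _ = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    types = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        types.append(rtype)
        off += 10 + rdlen
    return flags & 0x000F, types

def classify(mx_response):
    """Decide what the answer to an MX query says about a sender domain."""
    rcode, types = parse_response(mx_response)
    if rcode == NXDOMAIN:
        return "nonexistent"
    if rcode != 0:
        return "lookup-failed"
    # NOERROR alone proves nothing: a wildcard can answer for any name.
    return "has-mx" if MX in types else "no-mx"

def make_response(name, qtype, rcode, answers=()):
    """Build a constructed response for the demo (not captured traffic)."""
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    header = struct.pack("!6H", 0x1234, 0x8180 | rcode, 1, len(answers), 0, 0)
    rrs = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", t, 1, 300, len(rd)) + rd
                   for t, rd in answers)
    return header + question + rrs

if __name__ == "__main__":
    print(classify(make_response("unregistered.example", MX, 0)))  # no-mx
```

A response carrying only a wildcard-synthesized A record has RCODE 0, so software that tests for "not NXDOMAIN" accepts it, while `classify` reports `no-mx`.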