Re: [Fwd: [Asrg] Verisign: All Your ...

On Wed, 17 Sep 2003, Keith Moore wrote:

> > People keep saying that something has been broken. But in fact, nothing
> > has been broken, except false assumptions that were false to begin with.
>
> You're simply wrong, and there have been numerous examples of this.

Sounds like a canard.

> > NXDOMAIN means the domain isn't in the DNS distributed database.  It
> > doesn't mean that it isn't registered.
>
> The app doesn't care whether the domain is registered.  The app cares whether
> the domain exists in DNS, because using DNS to look up the address is the way
> the app is designed to work.  Putting the domain in DNS is (either implicitly
> or explicitly) part of the application protocol.

The app is designed incorrectly. Only mail relays are expected to be able
to route mail.

As Valdis points out, the mail server should look up the address, and upon
connecting to port 25, it finds the mail rejected. A bounce is returned,
as it should be.  A bounce would also be returned if there was nothing
listening on port 25. As it should be.  There is nothing broken by having
a wildcard, that wasn't broken before by false assumptions.

> > However, NXDOMAIN hasn't been
> > wrongly sent.  It is not the case that NXDOMAIN _MUST_ be sent. That would
> > preclude wildcard records.
>
> Wildcard records make a global assertion for an entire zone.  This is not
> an assertion that VeriSign is entitled to make.  VeriSign does not have the
> right to make assertions about all unregistered domains in NET or COM.

I think they do.  They think they do. Other TLDs think they do.  They have
the right to insert records into .net and .com. And they have the
privilege of selling entries in those zones.  So, upon what is your
assertion based?

> > Further, lack of NXDOMAIN doesn't mean the record exists.  Only NXDOMAIN
> > has meaning.  No NXDOMAIN response means nothing.  That is the case we
> > have.
>
> No, the case we have is not the lack of a response.  It is a response
> containing an A record.  That A record is a lie.

No, it is a wildcard. It is no more or less a lie than any other wildcard.

> > > Note that this is not the same problem that VeriSign is causing -
> > > VeriSign is uniformly mis-representing the COM and NET registries and
> > > mis-reporting NXDOMAIN error conditions for these zones as successful
> > > queries, which is not the same thing as producing inconsistent results
> > > depending on who is asking.  But it does relate to the question of
> > > whether the DNS is the authority for DNS name information or just a way
> > > of obtaining the information.
> >
> > It is not _mis-reporting_ anything.
>
> That is precisely what it is doing.

You have yet to explain how it is misreporting anything.  It is in fact
reporting that the domain is available for purchase. How is that
misreporting?

Other TLDs have been doing this for a long time. What are they
misreporting?

		--Dean
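
Added example, not part of the original message or thread: a small Python model of the two behaviours being argued over, a zone that answers NXDOMAIN for unregistered names versus one that synthesizes an A record from a wildcard, and the random-label probe a mail filter can use to keep its sender-domain check meaningful. The zone contents, addresses and function names are constructed for illustration.

```python
import secrets

# Constructed sample data: names under the reserved .test TLD and
# addresses from the documentation ranges (RFC 5737).
REGISTERED = {"example-a.test": "192.0.2.10", "example-b.test": "192.0.2.20"}
WILDCARD_ADDR = "198.51.100.1"  # stand-in for the address a wildcard answers with


def make_zone(records, wildcard=None):
    """Return lookup(name) -> (rcode, address) modelling one zone.

    Simplified model: an exact match wins; otherwise the wildcard (if any)
    synthesizes an answer; otherwise the name does not exist.
    """
    def lookup(name):
        name = name.lower().rstrip(".")
        if name in records:
            return ("NOERROR", records[name])
        if wildcard is not None:
            return ("NOERROR", wildcard)
        return ("NXDOMAIN", None)
    return lookup


def wildcard_addresses(lookup, suffix, probes=5):
    """Probe random labels nobody registered under `suffix`.

    Returns the address(es) every probe resolved to; an empty set means
    the zone still returns NXDOMAIN for unregistered names.
    """
    seen = None
    for _ in range(probes):
        rcode, addr = lookup(f"{secrets.token_hex(16)}.{suffix}")
        if rcode == "NXDOMAIN":
            return set()
        seen = {addr} if seen is None else seen & {addr}
    return seen or set()


def sender_domain_exists(lookup, domain, suffix):
    """Mail-filter style check: treat a wildcard-synthesized answer like NXDOMAIN."""
    rcode, addr = lookup(domain)
    if rcode == "NXDOMAIN":
        return False
    return addr not in wildcard_addresses(lookup, suffix)
```
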