On Wed, Oct 11, 2006 at 01:03:24PM -0400, Keith Moore <moore@xxxxxxxxxx> wrote a message of 28 lines which said:

> In the past month or so I've run across two separate ISPs that are
> apparently polluting the DNS by returning A records in cases where
> the authoritative server would either return NXDOMAIN or no answers.

Today, it is quite common and it becomes more and more common.

> Is there anything that IETF as an organization, or IETF
> participants, can do to discourage this?

Producing an RFC 4084bis is, IMHO, the best way to go. Currently, RFC 4084 does not address this issue, only a related issue:

> o DNS support.
> Are users required to utilize DNS servers provided by the service
> provider, or are DNS queries permitted to reach arbitrary servers?

So, there is IMHO a good reason to upgrade the RFC.

> To me this is fraud and unfair trade practice in addition to being a
> security threat

I agree but I believe it may be difficult to have a rough consensus on this one. The RFC 4084 approach (naming things, in a standard way, so that users can at least choose) may be better.

Do note that, in some cases I know about (such as Club Internet, the T-online subsidiary in France), the ISP provides a set of normal name servers to the users who want them, so they can claim that the user has a choice.

Another approach, not incompatible with this one, would be indeed to produce a "Wildcards in DNS *resolvers* considered harmful" RFC. Any volunteer for the first I-D? IMHO, this should be sent to the dnsop WG and discussed there. A starting point may be (do note it addresses wildcards in authoritative name servers, a related, but different, issue):

http://www.icann.org/topics/wildcard-history.html

where the technical papers raise the various concerns.