To:
"Stuart Kwan" <skwan@Exchange.Microsoft.com>
Cc:
dnsop@cafax.se
From:
Robert Elz <kre@munnari.OZ.AU>
Date:
Tue, 23 May 2000 16:09:56 +1000
In-Reply-To:
Your message of "Fri, 19 May 2000 08:46:37 MST." <19398D273324D3118A2B0008C7E9A569067DF1C8@SIT.platinum.corp.microsoft.com>
Sender:
owner-dnsop@cafax.se
Subject:
Re: root server load and dynamic updates.
Date: Fri, 19 May 2000 08:46:37 -0700
From: "Stuart Kwan" <skwan@Exchange.Microsoft.com>
Message-ID: <19398D273324D3118A2B0008C7E9A569067DF1C8@SIT.platinum.corp.microsoft.com>
Stuart, I'm confused by this part ...
| - To perform the update, the client finds the enclosing zone of the name
| of the relevant RRset
In general, what's being done (modulo whatever security issues arise)
seems like it ought to be fine ... but I don't understand how those of
us here who are noticing these queries and their affects are actually being
hit.
eg: I run the SOA.MNAME server for com.au (munnari.oz.au) and I see lots of
these update attempts in the com.au zone.
But that makes no sense - surely the client is going to be random.com.au
and should be finding the SOA.MNAME for random.com.au instead of for
com.au ?? How does it ever get that extra level up the tree? The same
would apply (even more so) to the .com servers where only NS type delegations
exist (there are a few A and MX only 'delegations' in com.au where the
nearest MNAME would be the one in com.au).
What is the mechanism that the clients are using that is directing them
to upper level servers?
Or is this only happening when someone configures their client as being
bogus.com.au (something which doesn't exist) where the client then discovers
com.au as the nearest enclosing domain?
Should we be encouraging ISPs to filter DNS traffic of their clients onto
the net, and require clients to use an ISP provided forwarder (which would
not forward any update requests) ? That isn't something I'd like to see,
but I don't like all these bogus update requests either.
kre