To: "Stuart Kwan" <skwan@Exchange.Microsoft.com>
Cc: dnsop@cafax.se
From: Robert Elz <kre@munnari.OZ.AU>
Date: Tue, 23 May 2000 16:09:56 +1000
In-Reply-To: Your message of "Fri, 19 May 2000 08:46:37 MST." <19398D273324D3118A2B0008C7E9A569067DF1C8@SIT.platinum.corp.microsoft.com>
Sender: owner-dnsop@cafax.se
Subject: Re: root server load and dynamic updates.

    Date:        Fri, 19 May 2000 08:46:37 -0700
    From:        "Stuart Kwan" <skwan@Exchange.Microsoft.com>
    Message-ID:  <19398D273324D3118A2B0008C7E9A569067DF1C8@SIT.platinum.corp.microsoft.com>

Stuart, I'm confused by this part ...

  | - To perform the update, the client finds the enclosing zone of the name
  | of the relevant RRset

In general, what's being done (modulo whatever security issues arise) seems like it ought to be fine ... but I don't understand how those of us here who are noticing these queries and their effects are actually being hit.

eg: I run the SOA.MNAME server for com.au (munnari.oz.au) and I see lots of these update attempts in the com.au zone. But that makes no sense - surely the client is going to be random.com.au and should be finding the SOA.MNAME for random.com.au instead of for com.au?? How does it ever get that extra level up the tree?

The same would apply (even more so) to the .com servers where only NS type delegations exist (there are a few A and MX only 'delegations' in com.au where the nearest MNAME would be the one in com.au).

What is the mechanism that the clients are using that is directing them to upper level servers? Or is this only happening when someone configures their client as being bogus.com.au (something which doesn't exist) where the client then discovers com.au as the nearest enclosing domain?

Should we be encouraging ISPs to filter DNS traffic of their clients onto the net, and require clients to use an ISP provided forwarder (which would not forward any update requests)? That isn't something I'd like to see, but I don't like all these bogus update requests either.

kre