To:
dnsop@cafax.se
From:
Paul Vixie <vixie@vix.com>
Date:
21 Sep 2003 19:46:43 +0000
In-Reply-To:
<200309211308.WAA24408@necom830.hpcl.titech.ac.jp>
Sender:
owner-dnsop@cafax.se
User-Agent:
Gnus/5.09 (Gnus v5.9.0) Emacs/21.3
Subject:
Re: caching no-delegation 'nxdomains'?
> > Not sure if this exactly equals ISC semantics but it appears to work here. > > As I explained, It won't work. there are two ways of looking at it. if this were information warfare and if gtld registries were determined to frustrate the expressed and explicit desires of a subset of resolver owners, then you're right, it won't work. however, verisign's position is that "users are free to block site-finder if they don't want it", and in that sense, the patch will work. then there's my log file for .COM alone in the last two hours, which claims: Sep 21 17:51:36 named: enforced delegation-only for 'com' (hotmail2037.com/A/IN) Sep 21 17:51:36 named: enforced delegation-only for 'com' (hotmail2037.com/AAAA/IN) Sep 21 18:06:55 named: enforced delegation-only for 'com' (jachinit.com/A/IN) Sep 21 18:06:55 named: enforced delegation-only for 'com' (jachinit.com/AAAA/IN) Sep 21 18:07:02 named: enforced delegation-only for 'com' (mcconnll.com/A/IN) Sep 21 18:07:03 named: enforced delegation-only for 'com' (mcconnll.com/AAAA/IN) Sep 21 18:20:59 named: enforced delegation-only for 'com' (azal.com/A/IN) Sep 21 18:20:59 named: enforced delegation-only for 'com' (azal.com/AAAA/IN) Sep 21 18:21:09 named: enforced delegation-only for 'com' (compactl.com/A/IN) Sep 21 18:21:10 named: enforced delegation-only for 'com' (compactl.com/AAAA/IN) Sep 21 18:40:09 named: enforced delegation-only for 'com' (infeasib.com/A/IN) Sep 21 18:40:09 named: enforced delegation-only for 'com' (infeasib.com/AAAA/IN) Sep 21 18:55:45 named: enforced delegation-only for 'com' (hotmail2436.com/A/IN) Sep 21 18:55:45 named: enforced delegation-only for 'com' (hotmail2436.com/AAAA/IN) Sep 21 19:04:55 named: enforced delegation-only for 'com' (jacs5074.com/A/IN) Sep 21 19:04:55 named: enforced delegation-only for 'com' (jacs5074.com/AAAA/IN) Sep 21 19:13:24 named: enforced delegation-only for 'com' (cta550.com/A/IN) Sep 21 19:13:25 named: enforced delegation-only for 'com' (cta550.com/AAAA/IN) Sep 21 19:13:31 named: enforced delegation-only for 'com' (cta682.com/A/IN) Sep 21 19:13:31 named: enforced delegation-only for 'com' (cta682.com/AAAA/IN) Sep 21 19:19:37 named: enforced delegation-only for 'com' (sdaf34539d.com/A/IN) Sep 21 19:19:37 named: enforced delegation-only for 'com' (sdaf34539d.com/AAAA/IN) Sep 21 19:21:02 named: enforced delegation-only for 'com' (3450dfc.com/A/IN) Sep 21 19:21:02 named: enforced delegation-only for 'com' (3450dfc.com/AAAA/IN) that was spam that i didn't get because of the root-delegation-only feature we added in BIND this week. so, at at least this level, "it will work." -- Paul Vixie #---------------------------------------------------------------------- # To unsubscribe, send a message to <dnsop-request@cafax.se>.