Internet Architecture Board

RFC2850

Re: SiteFinder returns, 1 September 2005

Home»Documents»IAB Correspondence, Reports, and Selected Documents»2005»Re: SiteFinder returns, 1 September 2005
From: Patrik Fältström <paf@cisco.com>
Date: September 1, 2005 10:03:33 GMT+02:00
To: Steve Crocker <steve@stevecrocker.com>
Cc: Thomas Narten <narten@us.ibm.com>, ICANN SSAC <ssac@icann.org>, IAB <iab@ietf.org>
Subject: Re: SiteFinder returns

Steve,

The IAB received from SSAC a mail on August 25 asking the following:

Recommendation (3): There exist shortcomings in the specification of DNS wildcards and their usage. The defining RFCs should be examined and modified as necessary with a focus on producing two results: first, clarification of the use of synthesized responses in DNS protocols; second, provision of additional guidance on the use of synthesized responses in the DNS hierarchy.

We see in this two actions for the IETF:

(1) A clarification of the use of synthesized responses in the DNS protocols

and

(2) Additional guidance on the use of synthesized responses in the DNS hierarchy

The IAB believes that the first question is addressed by the creation of draft-ietf-dnsext-wcard-clarify. This was published as version -08 on July 7 2005, and according to the WG Chair this document will be handed over to the IESG this week (i.e. week of Aug 29 2005).

Regarding the second question, it is recognized that the problem lies within the application layer. More specifically, the problem is that applications are written on the expectation that non-existing domain names are to be indicated by a response code of NXDOMAIN, but instead they get NOERROR when querying the DNS. This can produce unintended and undesirable effects in the application behaviour.

The IAB issued a statement on September 19, 2003, talking about this issue. The statement can be found at http://www.iab.org/documents/docs/2003-09-20-dns-wildcards.html.

Apart from general guidelines, that document outlines issues specific to one case of using synthesized responses in a TLD. Absent technical information clarifying new or different implementations of services using such responses, the IAB doesn’t find any reason to make a new statement.

Patrik Fältström, Liaison to the SSAC