
Re: draft-ietf-dnsext-apl-rr-01.txt



I have a web page on this issue: http://cr.yp.to/djbdns/newtypes.html

In short: There is no need for a protocol change. The standards already
make perfectly clear that DNS caches (and AXFR secondaries) must handle
unknown record types. The only problem is that one widespread DNS
implementation is ignoring the standards.

Andreas Gustafsson writes:
> An RR containing compressed names will be silently corrupted if it is
> transmitted as a mere block of bits.

The protocol does not allow that situation to occur in the first place.
Compression is forbidden in new record types. BIND used to screw this up
too, but it hasn't had a problem since version 8.1.2, right?

I strongly object to your draft-ietf-dnsext-unknown-rrs-00. We don't
need more disasters like http://www.cert.org/advisories/CA-2000-20.html.
Handling the compression allowed by the protocol---owner names, NS data,
CNAME data, PTR data, MX data, and SOA data---already takes way too much
code; adding more code to decompress bogus records is a really bad idea.

---Dan
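To make the point above concrete, here is a small parser written for this note (example code, not djbdns or BIND): it decompresses names only where the protocol allows them, in owner names and in NS/CNAME/PTR RDATA, passes every other type's RDATA through as opaque bytes (the sample uses an APL record, type 42, with a constructed 1:10.0.0.0/8 prefix), and rejects the malformed pointers that any decompression code has to guard against. MX and SOA handling is omitted for brevity; the sample message is constructed.

```python
# Minimal RR parser: names are decompressed only in owner fields and in the
# RDATA of NS/CNAME/PTR (MX and SOA left out for brevity); RDATA of any other
# type is handed back as opaque bytes, as a cache or secondary must do.
import struct

def read_name(msg, off):                                # returns (labels, next_off)
    labels = []
    while True:
        if off >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[off]
        if length & 0xC0 == 0xC0:                       # compression pointer
            ptr = int.from_bytes(msg[off:off + 2], "big") & 0x3FFF
            if off + 1 >= len(msg) or ptr >= off:       # truncated, or not strictly backwards (loops)
                raise ValueError("bad compression pointer")
            return labels + read_name(msg, ptr)[0], off + 2
        if length == 0:
            return labels, off + 1
        if length > 63 or off + 1 + length > len(msg):
            raise ValueError("bad label length")
        labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
        off += 1 + length

def parse_rr(msg, off):                                 # returns (rr dict, next_off)
    owner, off = read_name(msg, off)
    rtype, _rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
    off += 10
    if off + rdlen > len(msg):
        raise ValueError("truncated RDATA")
    rr = {"owner": ".".join(owner), "type": rtype, "ttl": ttl}
    if rtype in (2, 5, 12):                             # NS, CNAME, PTR: one (compressible) name
        rr["rdata"] = ".".join(read_name(msg, off)[0])
    else:                                               # unknown type: opaque block of bits
        rr["rdata"] = msg[off:off + rdlen]
    return rr, off + rdlen

def rejects(msg, off=0):                                # True if read_name refuses msg as malformed
    try:
        read_name(msg, off)
        return False
    except ValueError:
        return True

# Constructed sample: example.com at offset 0, then an NS record (ns.example.com) and an
# APL record (type 42) for 1:10.0.0.0/8; both owner names are pointers to offset 0.
SAMPLE = (b"\x07example\x03com\x00"
          + b"\xc0\x00" + struct.pack("!HHIH", 2, 1, 3600, 5) + b"\x02ns\xc0\x00"
          + b"\xc0\x00" + struct.pack("!HHIH", 42, 1, 3600, 5) + b"\x00\x01\x08\x01\x0a")
```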
