On Sep 17, 2014, at 6:01 PM, Jimmy Hess <mysidia@gmail.com> wrote:
On Wed, Sep 17, 2014 at 11:09 AM, Jay Ashworth <jra@baylink.com> wrote:
The latter would seem to be avoidable by making sure that *DNS resolution of bare TLDs always returns NXDOMAIN*. [snip]
Not NXDOMAIN. When TLD. is looked up, they should always return NOERROR.
Well… A TLD which does not exist should return NXDOMAIN. For example, if I do a query for .NONEXISTANTTLD., then I should get NXDOMAIN… Owens-MacBook-Pro:Downloads owendelong$ dig NONEXISTANTTLD. ; <<>> DiG 9.8.3-P1 <<>> NONEXISTANTTLD. ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 64254 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;NONEXISTANTTLD. IN A ;; AUTHORITY SECTION: . 3600 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2014091701 1800 900 604800 86400 But for any TLD which exists, yes. Owen