lots of misconceptions here today. declan, you ought to pay closer attention. verisign didn't say at the meeting yesterday that they were planning to revive the redirect service, in fact they used the term "if or when" when describing their plans in that area. furthermore they did not commit to a notification period, they only pointed out that 60 to 90 days notice seemed reasonable "if or when" the service was reenabled. check the icann site for transcripts. but wait, it gets better:
If everyone who attends NANOG goes to the 9:15 session on Monday morning and takes a single large tomato into the session with them, that this will make a VISIBLE sign to Verisign.
no, it really won't. stratton sclavos' statements about "technical zealots" mean that anything nanog en masse might do has been pre-label-engineered. if anything, bringing a pile of tomatoes would just make his point for him, helping to convince the press that only fringe-dwelling pinko loonies have any disagreement with the sitefinder redirection effort. my advice: *don't*. wait, wait, don't tell me:
To change this: what else can we do to prevent this? Does the last BIND version truly break sitefinder?
in my last conversation with a verisign executive, i learned that there is a widely held misconception that the last BIND patch truly breaks sitefinder, and now here you go proving it. the last BIND patch adds a feature, whose default is OFF, that can make non-delegation data from specified domains disappear (or in other cases, non-delegation data from non-specified tld's.) let me just emphasize that the default is OFF. BIND doesn't break sitefinder; nameserver administrators break sitefinder. be mindful of that difference! hit D now if you're bored, because i'm still not done:
... I have got to ask just one question. Can these people at Verisign really think that they know better than all of the real experts that have worked with/on the DNS over the years? It seems rather silly to assume that a few people have more knowledge than the collective community.
silly or not, they actually do believe it. verisign positions itself, both in high level discussions with government and security and financial agencies, and in its edgar filings, as being the major brain trust for DNS expertise. (otoh, exodus and abovenet both said the same thing about their BGP expertise so perhaps this is just how things go for publicly traded companies.) just one more thing:
While I agree that handling of NXDOMAIN needs to improve, such handling must be done by the application. Popular browsers have already started ...
i think i agree with where this was going, but it would be a fine thing if we all stop calling this NXDOMAIN. the proper term is RCODE 3. when you say NXDOMAIN you sound like you've only read the BIND sources and not the RFC's. NXDOMAIN is a BINDism, whereas RCODE 3 refers to the actual protocol element.
-- Paul Vixie
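
The opt-in behaviour described in the message above, as a simplified model (an added example, not BIND's code and not part of the original post): with no zones listed the resolver passes everything through, and only when an administrator lists a zone does non-delegation data from it turn into RCODE 3. The `Response` class, the `filter_response` function, the `delegation_only` parameter and the sample records are hypothetical names and constructed data.

```python
from dataclasses import dataclass, replace

RCODE_NOERROR = 0
RCODE_NAME_ERROR = 3  # RCODE 3, "Name Error" in RFC 1035


@dataclass(frozen=True)
class Response:
    """Constructed stand-in for a DNS response received from a zone's servers."""
    zone: str            # zone whose servers answered, e.g. "com"
    qname: str
    rcode: int
    answer: tuple = ()   # (owner, type, rdata) tuples
    authority: tuple = ()


def is_below(name: str, zone: str) -> bool:
    """True when name is a strict subdomain of zone."""
    return name.lower().rstrip(".").endswith("." + zone.lower().rstrip("."))


def has_delegation(resp: Response) -> bool:
    """A delegation is an NS record in the authority section owned below the zone."""
    return any(rtype == "NS" and is_below(owner, resp.zone)
               for owner, rtype, _ in resp.authority)


def filter_response(resp: Response, delegation_only=frozenset()) -> Response:
    """Model of the opt-in filter. With the default empty set nothing changes."""
    if resp.zone.lower() not in delegation_only:
        return resp   # feature is OFF for this zone
    if not is_below(resp.qname, resp.zone):
        return resp   # data at the zone apex is left alone (model assumption)
    if resp.rcode != RCODE_NOERROR or has_delegation(resp):
        return resp   # real delegations and existing errors pass through
    # Non-delegation data from a listed zone: report RCODE 3 instead.
    return replace(resp, rcode=RCODE_NAME_ERROR, answer=(), authority=())


# Constructed samples: a wildcard-style answer and an ordinary referral.
WILDCARD = Response("com", "no-such-name.example-typo.com", RCODE_NOERROR,
                    answer=(("no-such-name.example-typo.com", "A", "192.0.2.1"),))
REFERRAL = Response("com", "www.example.com", RCODE_NOERROR,
                    authority=(("example.com", "NS", "ns1.example.com"),))
```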