: this is nanog@. if you think sitefinder poses an operational problem : then please describe it (dispassionately). if you think there is an : operational thing that ought to be done in response to sitefinder, then : please describe that (dispassionately). the response you included... I brought this issue up (dispassionately) offline at the last NANOG conference. As most everyone knows, the Windows resolver has its share of problems under the hood. Well, we ran into a rather interesting glitch when Verisign did away with the NXDOMAIN. In our internal enterprise, we have DNS search suffixes defined on client workstations. If a user enters a plain hostname it will impute the suffixes automatically to find a matching winner within the various internal subdomains. Never had a problem with it prior to this. However, Microsoft's imputing implementation has an undocumented flaw (at least from the command line that we could determine). If you enter more than 5 search suffixes, the MS resolver, at least in NT and 2000, demonstrates irrational behavior. In this scenario, the resolver will actually append all of the search suffixes, instead of just one at a time, and make one big request with all the domains separated by commas. In our case we had 6 search suffix entries for internal subdomains and the root domain. When a request was made for a plain hostname, the client would send a request that looked like: plainhostname.a.domain.com,b.domain.com,c.domain.com,d.domain.com.e.domain.com,domain.com When our internal DNS server received the request it parsed the root domain as com,domain.com. Our DNS servers, of course, would end up forwarding the request out to the root servers and then receive back the lovely Sitefinder IP address, instead of NXDOMAIN. We actually lost quite a bit of time in remote troubleshooting during an application test out of Amsterdam the day Sitefinder came online because of this issue. We were making internal DNS changes for a test and using dynamic DNS. We were having a user run nslookups from the command line and they kept getting back the bogus Sitefinder address, which we couldn't figure out where it was coming from. (It can pay to stay current on this list) Oddly, the browser still resolved the name correctly in the end and was able to function, even though command line still showed this very strange behavior. When NXDOMAIN returned, the issue disappeared and we haven't tested it again. -- Scott Savage scott(at)thewaystation.com www.thewaystation.com Random Quote: Strange Laws: It is against the law for a monster to enter the corporate limits of Urbana, Illinois.