On Mon, 5 Nov 2007 23:46:08 -0800 "Christopher Morrow" <christopher.morrow@gmail.com> wrote:
On 11/5/07, Eliot Lear <lear@cisco.com> wrote:
Cough. So, how much is that NXDOMAIN worth to you?
So, here's the problem really... NXDOMAIN is being judged as a 'problem'. It's really only a 'problem' for a small number of APPLICATIONS on the Internet. One could even argue that in a web-browser the 'is NXDOMAIN a problem' is still up to the browser to decide how best to answer the USER of that browser/application. Many, many applications expect DNS to be the honest broker, to let them know if something exists or not and they make their minds up for the upper layer protocols accordingly.
DNS is fundamentally a basic plumbing bit of the Internet. There are things built around it operating sanely and according to generally accepted standards. Switching a behavior because you believe it to be 'better' for a large and non-coherent population is guaranteed to raise at least your support costs, if not your customer-base's ire. Assuming that all the world is a web-browser is at the very least naive and at worst wantonly/knowingly destructive/malfeasant.
MarkA and others have stated: "Just run a cache-resolver on your local LAN/HOST/NET", except that's not within the means of joe-random-sixpack, nor is it within the abilities of many enterprise/SMB folks, talking from experience chatting up misbehaving enterprise/banking/SMB customers first hand. What's to keep the ISP from answering: provider-server.com when they ask for Yahoo.com or Google.com or akamai-deployed-server.com aside from (perhaps) a threat of lawyers calling?
Hey -- I can so run a cache/resolver...
More seriously: you're right; most people can't and won't. But a majority of customers in that space are using small NATs. Those certainly can; in fact, they often do. It's just that today, they simply talk to their upstreams, rather than starting from the root and going down.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
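
An added example, not part of the thread: a check an application or operator can use to tell whether its upstream resolver is still an honest broker, by probing for a name that cannot exist and classifying the reply. The function names, the probe under `.invalid` (a TLD reserved by RFC 6761) and the sample replies are assumptions constructed for this illustration; the replies are built inline so the code runs offline.

```python
import secrets
import struct

NXDOMAIN = 3  # RCODE 3, "Name Error" (RFC 1035)

def probe_name(suffix="invalid"):
    """Random label under a reserved TLD, so no legitimate answer can exist."""
    return f"{secrets.token_hex(8)}.{suffix}"

def build_query(name, txid):
    """Encode a recursive A/IN query for `name` (RD bit set)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def classify(response, txid):
    """Judge a resolver's reply to a probe for a nonexistent name."""
    if len(response) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if rid != txid or not flags & 0x8000:  # wrong ID, or QR bit clear
        return "malformed"
    rcode = flags & 0x000F
    if rcode == NXDOMAIN:
        return "honest"
    if rcode == 0 and ancount > 0:
        return "rewritten"      # NOERROR plus answers for a name that cannot exist
    return "inconclusive"       # SERVFAIL, REFUSED, empty NOERROR, ...

def sample_reply(query, rcode, ancount=0, answers=b""):
    """Constructed reply bytes for the demo: echoes the question section."""
    flags = 0x8180 | rcode      # QR, RD, RA plus the RCODE
    return (query[:2] + struct.pack("!HHHHH", flags, 1, ancount, 0, 0)
            + query[12:] + answers)

# Constructed A record pointing at 192.0.2.1 (documentation address, RFC 5737).
SAMPLE_A = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 1])

if __name__ == "__main__":
    txid = 0x1234
    query = build_query(probe_name(), txid)
    print(classify(sample_reply(query, NXDOMAIN), txid))
    print(classify(sample_reply(query, 0, 1, SAMPLE_A), txid))
```

Against a live resolver the query bytes would go out over UDP port 53 and the reply would be passed to `classify` unchanged; repeating the probe with several random names avoids judging on a single cached or dropped answer.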