In message <201106202158.p5KLwAxW088140@bartok.nlnetlabs.nl>, Jaap Akkerhuis writes:
(Marka) See RFC 1535. Yes, a mistake was made implementing search lists. An RFC was issued to say don't do search lists this way.
Which RFC? What way?
RFC 1535, "A Security Problem and Proposed Correction With Widely Deployed DNS Software". It had to do with how search lists are constructed and processed. A wildcard record for *.EDU.COM was added and it broke communications from COM sites to EDU sites by creating an unexpected match. It is the unexpected match that is the problem, not the wildcard, though that made *lots* more unexpected matches. If you want the gory details I can give them to you. It is the unexpected match that is the problem with simple hostnames as global identifiers. People expect global identifiers to work globally, and simple hostnames can't in the presence of search lists, as they produce unexpected matches.
It would be nice if you would say what you mean instead of continually referring to things the reader has to guess.
jaap
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
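
The unexpected match described in the message above, as an added example that is not part of the original thread: a simplified Python model of search-list processing, not real resolver code. The zone contents, the local domain `sales.widgets.com`, the addresses and the `dotted_first` ordering used for the corrected case are assumptions made for illustration.

```python
# Simplified model of resolver search-list processing (not real resolver code).
# All names and addresses below are constructed for illustration.
ZONE = {
    "www.university.edu": "192.0.2.10",   # the host the user means
    "*.edu.com": "203.0.113.66",          # wildcard registered under COM
}

def implicit_search_list(local_domain):
    """Old behaviour: local domain plus every parent, down to the TLD."""
    labels = local_domain.lower().split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]

def lookup(fqdn, zone=ZONE):
    """Exact match first, then the nearest wildcard above the name."""
    fqdn = fqdn.lower().rstrip(".")
    if fqdn in zone:
        return zone[fqdn]
    labels = fqdn.split(".")
    for i in range(1, len(labels)):
        hit = zone.get("*." + ".".join(labels[i:]))
        if hit:
            return hit
    return None

def candidates(name, search, dotted_first):
    """Order in which a resolver tries FQDNs for a user-typed name."""
    if name.endswith("."):                 # explicitly absolute: no search
        return [name]
    appended = [f"{name}.{d}" for d in search]
    if dotted_first and "." in name:       # assumed fix: try the name as typed first
        return [name] + appended
    return appended + [name]

def resolve(name, search, dotted_first):
    """Return (fqdn, address) for the first candidate that answers."""
    for fqdn in candidates(name, search, dotted_first):
        addr = lookup(fqdn)
        if addr:
            return fqdn, addr
    return None, None

def unexpected_match(name, search, dotted_first):
    """True when the search list answers differently from the absolute name."""
    _, got = resolve(name, search, dotted_first)
    return got != lookup(name)

if __name__ == "__main__":
    legacy = implicit_search_list("sales.widgets.com")
    print(resolve("www.university.edu", legacy, dotted_first=False))
    print(resolve("www.university.edu", ["sales.widgets.com"], dotted_first=True))
```

`unexpected_match` can be run over a list of names a site depends on to flag any that a given search list would redirect.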