RE: [sitefinder-tech-discuss] Technical issues encountered by a k 12 site

["Hamilton, Kent" <KHamilton@Hunter.COM>]

Andrew,

Your suggestion to Jeremy's Microsoft issue has no basis in reality.

Jeremy has a student machine that is trying to find his teachers machine
which is not in DNS only in NetBIOS.  Student machine resolver asks for
"teacher.someplace.k12.edu" in the hosts file, no answer, it then asks for
it from DNS which returns your wildcard record, machine attempts to contact
your sitefinder host with NetBIOS, network down because nobody can reach
anyone.  In the correct implementation it gets NXDOMAIN from DNS and then
looks in NetBIOS for "teacher.someplace.k12.edu" and gets the correct
response and connections to the machine. 

The best technical solutions I know of are to either:
1) Put in a DNS server that knows about all the machines (and by my
preference has the delegation-only hack in it).
2) Change the name resolution order on EVERY PC in the network using a
registry hack. There used to be a tech note on Microsoft's site on how to do
this. I haven't used NetBIOS in a long time but I'd assume it still exists. 


> -----Original Message-----
> From: Andrew Newton [mailto:anewton@verisignlabs.com] 
> Sent: Tuesday, October 07, 2003 9:08 PM
> To: Jeremy_Powell@sbcss.k12.ca.us
> Cc: sitefinder-tech-discuss@lists.elistx.com
> Subject: Re: [sitefinder-tech-discuss] Technical issues 
> encountered by a k12 site
> 
> 
> Jeremy,
> 
> My response is in-line:
> 
> Jeremy_Powell@sbcss.k12.ca.us wrote:
> 
> > 1) Our spam filter utilizes an NXDOMAIN response to recognize
> > non-existent domains and therefore does not allow mail from
> > them.  Some spam is sent this way.  Whois is not an acceptable
> > replacement for this because it is massively inaccurate.
> 
> I agree that nicname/whois is not the correct solution for 
> your problem. 
>   One method this type of check is to compare the result of 
> the forward 
> domain query against the result of a query for the wildcard (e.g. if 
> example.com == *.com).
> 
> > 2) Microsoft name resolution on newer operatin systems goes
> > through the stages of file, DNS, NetBIOS.  For a school district
> > that has implemented a Windows domain that does not exist in DNS
> > and is therefore resolved in the NetBIOS stage, 
> > the wildcard causes resolution of names to cease at the
> > DNS stage because that stage never returns the expected NXDOMAIN.
> > Implementation of a local DNS for the non-existent domain will
> > resolve this.
> 
> There are two solutions for picking a non-existant name for such 
> purposes.  The first is to pick a non-existant name within a domain 
> delegation for which you have control (e.g. if you have been 
> delegated 
> example.com, then use does-not-exist.example.com).  The 
> second solution 
> is to pick a name within the reserved TLD's specified in BCP 32 / RFC 
> 2606.  These TLD's are .example, .test, .invalid, and .localhost.
> 
> -andy
> 
> 
> 
> ----------------------------------------------------------------
> To subscribe or unsubscribe from this elist use the subscription
> manager: <http://lists.elistx.com/unsubscribe>
>