RE: [sitefinder-tech-discuss] Technical issues encountered by a k 12 site

["Hollenbeck, Scott" <shollenbeck@verisign.com>]

> For a change of the scope you made with zero notice?  At 
> LEAST 3 months.
> I'll have to have my test group look at code changes, make 
> the changes, fix
> the ones that break. We have in-house code that you broke for 
> us thank you.

The above touches on a question that I've wanted to ask other application
developers.

Wildcards have been a part of the DNS specification since standard 13 (RFCs
1034 and 1035) was published in 1987.  I started my professional life as an
applications programmer; reading protocol specifications and writing code to
implement those specs was part of what I did.  If I was writing code to use
the DNS, I'd consider the possibility of receiving a synthesized response
because the possibility is clearly outlined in the resolution algorithm
described in RFC 1034.

So -- with wildcards and synthesized responses being a part of the DNS specs
for the last 16 years, why didn't your in-house code account for the
possibility of receiving a synthesized response from the DNS if a
synthesized response can be a problem for you?    I'm trying to understand
how others have interpreted the specifications when writing code and why
they made the decisions they did.  If it's just a matter of "hey, we used
existing libraries and we trust how they work", that's cool.

I'm also asking because something that came up during yesterday's open
meeting with ICANN's Security and Stability Committee was a question about
whether or not the DNS protocol should be updated to provide a way for
clients to know when a response has been synthesized.  Would that be
something that's valuable to application developers?

-Scott-