Subject: RE: [sitefinder-tech-discuss] Technical issues encountered by a k 12 site
On Wed, 8 Oct 2003, Hollenbeck, Scott wrote:

> Wildcards have been a part of the DNS specification since standard 13 (RFCs
> 1034 and 1035) was published in 1987. I started my professional life as an
> applications programmer; reading protocol specifications and writing code to
> implement those specs was part of what I did. If I was writing code to use
> the DNS, I'd consider the possibility of receiving a synthesized response
> because the possibility is clearly outlined in the resolution algorithm
> described in RFC 1034.

May I suggest that what you write above isn't really relevant to our issue here.

Yes, people write code that doesn't handle all possible cases - I help run a company that does interoperability testing, I see implementation weaknesses all the time.

I wonder how much of the net I could bring down if I were, for example, to emit perfectly legitimate fragmented IP packets but with the last fragment going out first. (This isn't simply a hypothetical - Arguments have been put forth that because a receiver doesn't know how big the incoming IP packet is until the last fragment is received, there are potential benefits of sending the last fragment first.) In nicely contained testing labs I have watched previously solidly functioning IP stacks blow chunks when presented with this totally legitimate traffic stream.

I wonder how many DNS resolvers, including resolvers in critical infrastructure equipment, I could crunch were I to set up CNAME or PTR records that mapped DNS names into names with labels composed of interesting combinations of the full range of binary bit patterns, including all zeros and the dot character, as explicitly permitted by the DNS RFCs.

The issue is *not* that there are implementations that don't handle every possible option and every variation of every protocol.

The issue *is* that sitefinder changes the practical meaning of DNS responses in a way that leads adequately written applications astray.

And as I see it the purpose of this list is to examine how, and if, that change of responses can be deployed in a way that causes zero ill effects on the already deployed base of applications found on the net.

--karl--