Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 27 Jun 2023 17:05:13 +0200
From: Rob de Wit <rob.dewit@...sto.com>
Cc: musl@...ts.openwall.com
Subject: Re: Clarification on the NOERROR resolving choices

Op di 27 jun 2023 om 16:36 schreef Rich Felker <dalias@...c.org>:

>
> It's not a matter of whether it's something other than A or AAAA; just
> that you have a wildcard in your search domain path. This will never
> give acceptable results unless your goal is to intercept all lookups
> and have them return the same thing (either NODATA or a fixed
> address).
>
> Rich
>

Thanks for the explanation and quick response.

I'm not sure I agree that NOERROR is a valid response if some other record
is queried for. I mean most other implentations do the other thing so even
if this is the correct way, a lot of compatibility is broken, but that is
up to you guys.

This last bit really shows where we went wrong. I'll remember not to use a
wildcard without a proper subdomain (lightly). If I had a wildcard A in the
domain (without subdomain) it would have broken even more by resulting in
the same address for every host tried.

Content of type "text/html" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.