Survey - how many people running ISP nameservers define "minimal-responses" - was Re: What is the deal on missing "Authority Section" and "additional section" from google's DNS servers?
Barry Margolin
barmar at alum.mit.edu
Thu Jul 12 08:16:39 UTC 2012
In article <mailman.1319.1342048311.63724.bind-users at lists.isc.org>,
Mark Andrews <marka at isc.org> wrote:
> In message <barmar-FDFDC6.18551211072012 at news.eternal-september.org>, Barry
> Margolin writes:
> > In article <mailman.1317.1342033147.63724.bind-users at lists.isc.org>,
> > "Michael Hoskins (michoski)" <michoski at cisco.com> wrote:
> >
> > > while it's largely personal preference -- i generally like to "be
> > > conservative in what i send, and liberal in what i accept":
> > >
> > > http://en.wikipedia.org/wiki/Robustness_principle
> >
> > This doesn't refer to quantity, but to how strictly you should adhere to
> > the specification.
> >
> > > it's not violating RFCs to send the full data so it's not technically
> > > "wrong". however, if sending back too much data is known to cause
> > > problems in some cases and can potentially be used against you...then it
> > > seems wise to take the minimal path.
> >
> > As long as you stay under the traditional 500 byte limit, I think you're
> > being conservative enough. "Liberal" would be depending on EDNS0
> > extensions.
>
> EDNS is initiated by the client so there is no issue here.
Not necessarily. The client may initiate EDNS, but a firewall in front
of it could still block the responses.
>
> > However, I think it's reasonable to adhere to the following policy:
> >
> > Caching nameserver: minimal-responses yes. The clients of these are
> > primarily stub resolvers, which probably won't cache the additional
> > data, so it's a waste of bandwidth and could potentially cause problems.
>
> Except for MTA's which know to look for A/AAAA records in the
> additional section. There is no cache poisioning issue with stub
> resolvers as they will be talking to the same recursive servers.
Hence my "primarily" qualifier.
>
> > Authoritative nameserver: minimal-responses no. The clients are almost
> > all caching nameservers, and they'll cache what they can.
> >
> > --
> > Barry Margolin
> > Arlington, MA
> > _______________________________________________
> > Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> > unsubscribe from this list
> >
> > bind-users mailing list
> > bind-users at lists.isc.org
> > https://lists.isc.org/mailman/listinfo/bind-users
--
Barry Margolin
Arlington, MA
More information about the bind-users
mailing list