[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-devel
Subject: Re: persistent slow loading in Konqueror
From: Thiago Macieira <thiago.macieira () kdemail ! net>
Date: 2005-01-26 2:46:38
Message-ID: 200501260046.46075.thiago.macieira () kdemail ! net
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
Jason Keirstead wrote:
>On Tuesday 25 January 2005 4:43 pm, Thiago Macieira wrote:
>> Because it was easier to implement it this way. And we're safeguarding
>> ourselves: their DNS servers are buggy, so we won't even try talk to
>> them. Who knows what other bugs they have...
>
>Safeguarding against what? An improper lookup? We are already returning
>nothing, can't get much more improper than that.
I can't disagree.
Unfortunately for us, DNS is very, very often misconfigured. Nothing
serious in most occasions. Just take a look at the syslog generated by
named under a decent traffic. Notice the number of "lame nameserver"
lines it logs.
I consider dropping packets rude. It's as serious as dropping a TCP SYN
packet.
And, as I said, it was easier to implement it this way. When I have time
again, I'll see about adding a second blacklist.
>> Also note that if any program in a network tries an AAAA lookup for a
>> buggy name, it could poison that name for everyone using the same
>> nameserver. There's nothing we can do about it.
>
>Exactly - there is nothing we can do about it. Why should we be
> concerned with their name server software? If it is corrupting their
> AAAA records, that is their problem. But, we can do our best to try to
> resolve the name for the user.
Sorry, I wasn't clear enough. I was referring to another similar but
unrelated bug. I meant that if the AAAA (IPv6) lookup is answered with
NXDOMAIN, the *whole* name will be poisoned. Even for A (IPv4) lookups.
But, since that's a rather serious bug, it appears to have been corrected
on most cases. The most famous example was bbc.co.uk a few years back.
>> Only if you disable IPv6 completely in your machine.
>
>I don't even have it compiled in my kernel. Never have. Likely never
> will.
I wouldn't be so sure.
><rant donotreply="true">
Not replying. But I almost did. :-)
--
Thiago Macieira - thiago (AT) macieira (DOT) info
PGP/GPG: 0x6EF45358; fingerprint:
E067 918B B660 DBD1 105C 966C 33F5 F005 6EF4 5358
1. On frumscafte, hwonne time_t wæs náht, se scieppend þone circolwyrde
wundorcræftlíge cennede and seo eorðe wæs idel and hit wæs gód.
[Attachment #5 (application/pgp-signature)]
>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic