[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-devel
Subject:    Re: persistent slow loading in Konqueror
From:       Thiago Macieira <thiago.macieira () kdemail ! net>
Date:       2005-01-26 2:46:38
Message-ID: 200501260046.46075.thiago.macieira () kdemail ! net
[Download RAW message or body]

[Attachment #2 (multipart/signed)]


Jason Keirstead wrote:
>On Tuesday 25 January 2005 4:43 pm, Thiago Macieira wrote:
>> Because it was easier to implement it this way. And we're safeguarding
>> ourselves: their DNS servers are buggy, so we won't even try talk to
>> them. Who knows what other bugs they have...
>
>Safeguarding against what? An improper lookup? We are already returning
>nothing, can't get much more improper than that.

I can't disagree. 

Unfortunately for us, DNS is very, very often misconfigured. Nothing 
serious in most occasions. Just take a look at the syslog generated by 
named under a decent traffic. Notice the number of "lame nameserver" 
lines it logs.

I consider dropping packets rude. It's as serious as dropping a TCP SYN 
packet.

And, as I said, it was easier to implement it this way. When I have time 
again, I'll see about adding a second blacklist.

>> Also note that if any program in a network tries an AAAA lookup for a
>> buggy name, it could poison that name for everyone using the same
>> nameserver. There's nothing we can do about it.
>
>Exactly - there is nothing we can do about it. Why should we be
> concerned with their name server software? If it is corrupting their
> AAAA records, that is their problem. But, we can do our best to try to
> resolve the name for the user.

Sorry, I wasn't clear enough. I was referring to another similar but 
unrelated bug. I meant that if the AAAA (IPv6) lookup is answered with 
NXDOMAIN, the *whole* name will be poisoned. Even for A (IPv4) lookups.

But, since that's a rather serious bug, it appears to have been corrected 
on most cases. The most famous example was bbc.co.uk a few years back.

>> Only if you disable IPv6 completely in your machine.
>
>I don't even have it compiled in my kernel. Never have. Likely never
> will.

I wouldn't be so sure.

><rant donotreply="true">

Not replying. But I almost did. :-)

-- 
  Thiago Macieira  -  thiago (AT) macieira (DOT) info
    PGP/GPG: 0x6EF45358; fingerprint:
    E067 918B B660 DBD1 105C  966C 33F5 F005 6EF4 5358

1. On frumscafte, hwonne time_t wæs náht, se scieppend þone circolwyrde 
wundorcræftlíge cennede and seo eorðe wæs idel and hit wæs gód.

[Attachment #5 (application/pgp-signature)]

>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<


[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic