cname quick question

[Jim Reid]

>>>>> "Brad" == Brad Knowles <brad.knowles at skynet.be> writes:

    Brad> 	To me, this has all the smells of a lame delegation,
    Brad> but as you point out, is not.  So, I guess the real question
    Brad> is -- how would you programatically detect a true lame
    Brad> delegation, and not have your detector set off by this false
    Brad> positive?  Maybe you only do it by IP address and not by the
    Brad> host/domain label?

Well I would have thought the tool should just do the Right Thing:
resolve the NS targets, complain if it finds CNAMEs or query the
resulting A/AAAA/A6 record(s) for authoritative answers.

    Brad> 	Hmm.  I guess someone is going to have to write a
    Brad> paper on DNS nameserver fingerprinting, starting with the
    Brad> sort of work previously done on OS fingerprinting using
    Brad> TCP/IP.

Maybe Bill Manning could comment on the methodology he uses for his
quarterly in-addr.arpa survey?

    Brad> 	Oops, I missed that.  Speaking of unusual return
    Brad> codes, what is "VRSN1" in the return codes for this query on
    Brad> all of the *.gtld-servers.net machines?

It's not a return code. VRSN1 is the answer the VeriSign/NSI name
servers give when asked for a Chaosnet TXT record for version.bind.
You'd have to ask the .com folks why they do that. I don't know or
care.