Survey - how many people running ISP nameservers define "minimal-responses" - was Re: What is the deal on missing "Authority Section" and "additional section" from google's DNS servers?

Michael Hoskins (michoski) michoski at cisco.com
Wed Jul 11 18:58:50 UTC 2012


-----Original Message-----

From: Ted Mittelstaedt <tedm at ipinc.net>
Date: Wednesday, July 11, 2012 11:26 AM
To: "bind-users at lists.isc.org" <bind-users at lists.isc.org>
Subject: Survey - how many people running ISP nameservers
define	"minimal-responses"	- was Re: What is the deal on missing
"Authority Section" and	"additional section" from google's DNS servers?

>Great answers to my question, thanks!
>
>So now, what do you guys all run?
>
>I have always followed the principle of "provide the most information
>possible and let the users decide what to ignore" which is why I never
>gave a second thought to providing additional data.

i run minimal-responses externally, and provide full data internally where
bandwidth is cheap and i'm less concerned over use cases.

>But if as Warren said:
>
>"...Many things (correctly (IMO)) ignore the info in additional section
>due to past entertainment with cache poising, etc...."
>
>then what would be best practices for an ISP?

while it's largely personal preference -- i generally like to "be
conservative in what i send, and liberal in what i accept":

http://en.wikipedia.org/wiki/Robustness_principle

it's not violating RFCs to send the full data so it's not technically
"wrong".  however, if sending back too much data is known to cause
problems in some cases and can potentially be used against you...then it
seems wise to take the minimal path.




More information about the bind-users mailing list