Hi Guys,

Firstly, I'm writing this message NOT as a representative of Austdomains, who I work for, among other companies; this is a personal opinion.

I'm not sure if many of you have noticed, although I'm sure many have. Recently auDA lifted the ban on registering domain names that match existing top-level domain names. (Reference: http://www.auda.org.au/news-archive/auda-21042006/ )

Ok, fair enough, the guy wants to make some money, but there is a particular behaviour in Microsoft Windows: if you have a .com.au or .com domain name, as many LARGE companies do, they generally have the following setting on their SOE or in GPO:

srchlist=local.foo.com.au/foo.com.au/com.au

(Even without this setting, certain settings on the network interface cause the same behaviour.)

Today at one of the companies I work for, we had a complaint from one of the guys who runs DNS on the UNIX farm. He was seeing an elevated number of requests coming from the Windows side of the network (2000%). After further investigation, it wasn't just a problem today; it had been an issue for the past month or so and had only just been caught.

We soon found out that because .com.com.au and au.com.au have been wildcarded, they were returning a valid response of 204.x.x.x and hence not returning NXDOMAIN and failing back to the internal servers.

Now before I'm flamed for incorrect network setup, I wasn't the one who set it up, and the design has been in place at the company for the past 3 years and working perfectly. Myself and 2 others spent the rest of today working on a solution to the problem.

There are a number of causes for this issue:

1.) Even with DNS Suffix Devolution disabled via Group Policy, the setting is NOT effective unless you are running Windows XP SP2.
    a) This is ONLY valid for Windows 2003 Server; the policy setting is not in Windows 2000.
2.) It's standard MS behaviour when "Append parent suffixes of the Primary DNS Suffix" is selected.
3.) Even with the srchlist limited to local.foo.com.au/foo.com.au, the results are the same.

And finally, the main cause of the problem is the fact that .com.com.au and .au.com.au have been wildcarded to return a result, whereas before they would fail and fall back to the DNS servers for "foo.com.au", which would then forward the requests back to the DNS servers for local.foo.com.au.

Upon further checking, we found that there were several other companies, both large and small, that were affected by this behaviour.

As stated above, we've taken steps to rectify the situation. Why DNS queries were allowed out in the first place is unknown to the current staff, other than that it was in the design plan. Although, I believe it may have had something to do with the split DNS system in place.

And finally, who in their right mind at auDA allowed this policy to be passed? It's idiotic.

References:
http://forums.whirlpool.net.au/forum-replies-archive.cfm/542677.html
http://support.microsoft.com/kb/294785/
http://support.microsoft.com/?id=275553
http://www.auda.org.au/policies/auda-2002-30/
http://www.auda.org.au/news-archive/auda-21042006/
http://www.auda.org.au/document.php?documentid=751
http://technet2.microsoft.com/WindowsServer/en/library/5fe46cef-db12-4b78-94d2-2a0b62a282711033.mspx?mfr=true

I welcome anyone's opinions, and to find out if anyone else has seen the above behaviour, and if there's anything we can do to petition auDA to actually consider third party applications before they do something like this.

Kind Regards
James Davis

Received on Mon Jul 24 2006 - 14:13:21 UTC
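The mechanism in the post (suffix devolution building names like typo.com.com.au that land inside a wildcarded second-level domain instead of producing NXDOMAIN) can be reproduced offline with a small simulation. The following is an added example, not code from the original post or from any of the companies or vendors it mentions; the record tables, the 204.0.113.5 wildcard answer, the hostnames and the "foo.com.au" organisation domain are all constructed for illustration, and the resolver ordering is a simplified model of the Windows stub resolver rather than the real implementation.

```python
"""Simulate Windows DNS suffix devolution against a wildcarded parent domain.

Added example: the data below is constructed, not real DNS. It models the
split-DNS setup from the post (local.foo.com.au under foo.com.au under com.au)
and shows why a wildcard on *.com.com.au / *.au.com.au turns what should be an
NXDOMAIN into a positive answer, plus a check that flags the offending suffix.
"""
from typing import Dict, List, Optional, Tuple

# Constructed internal (split-DNS) records the company's own servers would answer.
INTERNAL_RECORDS: Dict[str, str] = {
    "fileserver.local.foo.com.au.": "10.1.2.3",
    "intranet.foo.com.au.": "10.1.2.4",
}

# Hypothetical wildcard answers for the two names the post says were wildcarded.
# Any name under these zones resolves, so nothing below them ever returns NXDOMAIN.
WILDCARD_ZONES: Dict[str, str] = {
    "com.com.au.": "204.0.113.5",
    "au.com.au.": "204.0.113.5",
}


def devolve(primary_suffix: str, min_labels: int = 2) -> List[str]:
    """'Append parent suffixes of the primary DNS suffix': strip one leading
    label at a time until min_labels remain, e.g.
    local.foo.com.au -> [local.foo.com.au, foo.com.au, com.au]."""
    labels = primary_suffix.strip(".").split(".")
    out: List[str] = []
    while len(labels) >= min_labels:
        out.append(".".join(labels))
        labels = labels[1:]
    return out


def candidates(name: str, search_list: List[str]) -> List[str]:
    """Order in which the (simplified) stub resolver tries names.
    Absolute names are tried alone; a single label is only tried with suffixes
    appended; a dotted name is tried as-is first, then with each suffix."""
    if name.endswith("."):
        return [name]
    with_suffixes = [f"{name}.{sfx}." for sfx in search_list]
    if "." not in name:
        return with_suffixes
    return [name + "."] + with_suffixes


def lookup(fqdn: str) -> Optional[str]:
    """Authoritative answer for one FQDN: exact record, else wildcard zone
    match, else None (NXDOMAIN)."""
    if fqdn in INTERNAL_RECORDS:
        return INTERNAL_RECORDS[fqdn]
    for zone, addr in WILDCARD_ZONES.items():
        if fqdn != zone and fqdn.endswith("." + zone):
            return addr
    return None


def resolve(name: str, search_list: List[str]) -> Tuple[Optional[str], Optional[str], List[str]]:
    """Return (fqdn that answered, address, every fqdn queried).
    (None, None, tried) means the name ended in NXDOMAIN overall."""
    tried: List[str] = []
    for cand in candidates(name, search_list):
        tried.append(cand)
        addr = lookup(cand)
        if addr is not None:
            return cand, addr, tried
    return None, None, tried


def risky_suffixes(search_list: List[str], org_domain: str) -> List[str]:
    """Suffixes that are not the organisation's own domain or a subdomain of it.
    Appending one of these builds names inside somebody else's namespace."""
    org = org_domain.strip(".")
    return [s for s in search_list
            if not (s.strip(".") == org or s.strip(".").endswith("." + org))]


def hardened(search_list: List[str], org_domain: str) -> List[str]:
    """The search list with every risky suffix removed."""
    bad = set(risky_suffixes(search_list, org_domain))
    return [s for s in search_list if s not in bad]


if __name__ == "__main__":
    devolved = devolve("local.foo.com.au")          # what the post's srchlist amounts to
    print("search list:", devolved)
    print("fileserver ->", resolve("fileserver", devolved)[:2])
    print("typo.com   ->", resolve("typo.com", devolved)[:2])   # answered by the wildcard
    print("risky:", risky_suffixes(devolved, "foo.com.au"))
    print("typo.com (hardened) ->", resolve("typo.com", hardened(devolved, "foo.com.au"))[:2])
```

Running it shows the internal host still resolving normally while a mistyped external name such as "typo.com" walks down the devolved list until "typo.com.com.au." hits the wildcard and comes back with 204.0.113.5 rather than NXDOMAIN. The risky_suffixes check is the part worth keeping as a configuration audit: any entry in the search list that is not inside the organisation's own domain is one that a third party's wildcard can answer.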