[DNS] *.com.au & *.au.com.au

From: James Davis <james§tekscape-its.com>
Date: Mon, 24 Jul 2006 22:13:21 +0800

Hi Guys,

Firstly, I'm writing this message NOT as a representative of Austdomains, who
I work for, among other companies; this is a personal opinion.

I'm not sure if many of you have noticed, although I'm sure many have.
Recently Auda lifted the ban on registering domain names that match
existing top-level domain names. (reference -
http://www.auda.org.au/news-archive/auda-21042006/ )

Ok fair enough, the guy wants to make some money, but there is a particular
behaviour in Microsoft Windows, that if you have a .com.au or .com domain
name - as many LARGE companies do, they generally have the following
settings on their SOE or in GPO:

srchlist=local.foo.com.au/foo.com.au/com.au (even without this setting,
certain settings on the network interface cause the same behaviour).

Today at one of the companies I work for, we had a complaint from one of the
guys who runs DNS on the UNIX farm, he was seeing an elevated number of
requests coming from the Windows side of the network (2000%). After further
investigation, it wasn't just a problem today, it had been an issue for the
past month or so and had only just been caught.
We soon found out that because .com.com.au and au.com.au have been
wildcarded, they were returning a valid response of 204.x.x.x and hence not
returning NXDOMAIN and failing back to the internal servers. Now before I'm
flamed for incorrect network setup, I wasn't the one who set it up, and the
design has been in place at the company for the past 3 years and working
perfectly. Myself and 2 others spent the rest of today working on a solution
to the problem.

There are a number of causes for this issue,
1.) Even with DNS Suffix Devolution disabled via Group Policy - The setting
is NOT effective unless you are running Windows XP SP2.
    a) This is ONLY valid for Windows 2003 Server - The policy setting is
not in Windows 2000
2.) It's standard MS behaviour, when "Append parent suffixes of the Primary
DNS Suffix" is selected.
3.) Even with the srchlist limited to local.foo.com.au/foo.com.au, the
results are the same.

And finally the main cause of the problem is the fact that .com.com.au and
.au.com.au have been wildcarded to return a result whereas before they would
fail and fall back to the dns servers for "foo.com.au" which would then
forward the requests back to the dns servers for local.foo.com.au

Upon further checking, we found that there were several other companies,
both large and small that were affected by this behaviour.
As stated above, we've taken steps to rectify the situation, why dns queries
were allowed out in the first place is unknown to the current staff, other
than it was in the design plan. Although, I believe it may have had
something to do with the split dns system in place.

And finally, who in their right mind at auda allowed this policy to be
passed? It's idiotic.

References:
http://forums.whirlpool.net.au/forum-replies-archive.cfm/542677.html
http://support.microsoft.com/kb/294785/
http://support.microsoft.com/?id=275553
http://www.auda.org.au/policies/auda-2002-30/
http://www.auda.org.au/news-archive/auda-21042006/
http://www.auda.org.au/document.php?documentid=751
http://technet2.microsoft.com/WindowsServer/en/library/5fe46cef-db12-4b78-94d2-2a0b62a282711033.mspx?mfr=true

I welcome anyone's opinions, and to find out if anyone else has seen the
above behaviour, and if there's anything we can do to petition Auda to
actually consider third party applications before they do something like
this.

Kind Regards
James Davis 
Received on Mon Jul 24 2006 - 14:13:21 UTC
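
Added example, not part of the original message: a Python sketch of how a DNS administrator could audit resolver query logs for names that fell under the wildcarded zones after a search suffix was appended. The search list and zone names come from the post; the log format, client addresses and host names are constructed for illustration.

```python
from collections import Counter

# Search list and wildcarded zones as given in the post.
SEARCH_LIST = ["local.foo.com.au", "foo.com.au", "com.au"]
WILDCARDED = ["com.com.au", "au.com.au"]

# Constructed sample query log, one "<client> <qname>" pair per line.
SAMPLE_LOG = """\
10.1.1.20 fileserver.local.foo.com.au
10.1.1.20 mail.foo.com.au.com.au
10.1.1.31 www.example.com.com.au
10.1.1.31 www.example.com
10.1.1.31 intranet.foo.com.au.com.au
10.1.1.44 www.foo.com.au
"""

def under(name, zone):
    """True if name sits strictly below zone (label-aligned suffix match)."""
    return name.endswith("." + zone)

def classify(qname, search_list=SEARCH_LIST, wildcarded=WILDCARDED):
    """Return (wildcard_zone, original_name, appended_suffix) or None."""
    qname = qname.rstrip(".").lower()
    zone = next((z for z in wildcarded if under(qname, z)), None)
    if zone is None:
        return None  # not answered by a wildcard zone
    # Try the longest search suffix first so the most specific one is reported.
    for suffix in sorted(search_list, key=len, reverse=True):
        if under(qname, suffix):
            return zone, qname[: -(len(suffix) + 1)], suffix
    return zone, qname, None  # queried directly, no search suffix involved

def audit(log_text):
    """Return (findings, per-client counts) for queries hitting a wildcard."""
    findings, per_client = [], Counter()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip blank or malformed lines
        hit = classify(parts[1])
        if hit:
            findings.append((parts[0],) + hit)
            per_client[parts[0]] += 1
    return findings, per_client

if __name__ == "__main__":
    for client, zone, original, suffix in audit(SAMPLE_LOG)[0]:
        print(f"{client}: {original!r} + {suffix!r} -> wildcard zone {zone}")
```

Clients that show up in the counts are the ones whose suffix handling appends `com.au` to names that are already fully qualified.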