J
Jonathan de Boyne Pollard
[This is cross-posted to the same places that the announcement was
multi-posted, in order to save the unsuspecting, who might otherwise have
naïvely trusted it and done as it suggests, any grief.]
KD> Here is our new site. It will take everyone to make it happen.
KD> [...]
KD> all are invited to set their name server info to 64.146.111.234
KD> to join our community or to just look around.
I strongly recommend _not_ changing one's "name server info" to
64.146.111.234. The DNS server listening on that IP address is both grossly
misconfigured and egregiously broken.
One example of its gross misconfiguration is that in response to an "NS" query
for "." it returns a list combining the "." content DNS servers from two
entirely separate "." content DNS service organizations, with itself included
as well (seemingly just for the heck of it). This is a recipe for disaster -
even for a _working_ DNS server software.
One example of its brokenness is that it cannot decide whether domain names
exist or not. Ask it an "A" query for "aroot.pacroot." (the intermediate name
of one of the "." content DNS servers that it lists) and it will return an "A"
resource record. Ask it another type of query for that very same domain name,
and it will respond with either "no such name" or "server failure".
Another example of its brokenness is that in response to queries with the RD
bit set to 0 it returns empty resource record sets, even where the responses
to the same queries with the RD bit set to 1 show that it has the real
(non-empty) answers in a cache, and _even_ where the cached answer would
actually be a "no such name" answer.
Next to the sheer wrongness of the responses that the software used by the
64.146.111.234 DNS server gives and the incompetent way that that DNS server
has been configured, the fact that the content HTTP server for the relevant
web site doesn't have virtual hosting correctly configured and operational
seems relatively minor in comparison.
multi-posted, in order to save the unsuspecting, who might otherwise have
naïvely trusted it and done as it suggests, any grief.]
KD> Here is our new site. It will take everyone to make it happen.
KD> [...]
KD> all are invited to set their name server info to 64.146.111.234
KD> to join our community or to just look around.
I strongly recommend _not_ changing one's "name server info" to
64.146.111.234. The DNS server listening on that IP address is both grossly
misconfigured and egregiously broken.
One example of its gross misconfiguration is that in response to an "NS" query
for "." it returns a list combining the "." content DNS servers from two
entirely separate "." content DNS service organizations, with itself included
as well (seemingly just for the heck of it). This is a recipe for disaster -
even for a _working_ DNS server software.
One example of its brokenness is that it cannot decide whether domain names
exist or not. Ask it an "A" query for "aroot.pacroot." (the intermediate name
of one of the "." content DNS servers that it lists) and it will return an "A"
resource record. Ask it another type of query for that very same domain name,
and it will respond with either "no such name" or "server failure".
Another example of its brokenness is that in response to queries with the RD
bit set to 0 it returns empty resource record sets, even where the responses
to the same queries with the RD bit set to 1 show that it has the real
(non-empty) answers in a cache, and _even_ where the cached answer would
actually be a "no such name" answer.
Next to the sheer wrongness of the responses that the software used by the
64.146.111.234 DNS server gives and the incompetent way that that DNS server
has been configured, the fact that the content HTTP server for the relevant
web site doesn't have virtual hosting correctly configured and operational
seems relatively minor in comparison.