DNS/Implementation/KnotDNS/badCDNs

https://www.mail-archive.com/search?l=dnsop@ietf.org&q=subject:%22Re\%3A+\[DNSOP\]+comments+on+dnsop\-qname\-minimisation\-02%22&o=newest

----

## How it deals with bad CDNs

The query is `who.ami.here.com. A`.

1. It asks `.` about `com. NS` and gets a referral.
2. It asks the `com.` nameserver about `here.com. NS` and gets a referral ... see the pattern, it just appends labels, but bear with me.
3. We're asking the `here.com` nameserver about `ami.here.com. NS`, but he's a prick and tells us `NXDOMAIN`.

In the real world, we **would** know that there is nothing at or below it, but with some CDNs it's **a lie**. So we turn off the minimization and requery the full name `who.ami.here.com A`; now it's going to either (a) refer us to the final nameserver or (b) give us `NXDOMAIN` again. If (a), we leaked some information to the parent nameserver; if (b), it was reliable and we wasted an extra query.

In the real world it doesn't happen that often, since `NS com.` is authoritative for `<1-2 labels>.com` etc., but it happens with CDNs where you suddenly jump 2 or more labels.

## How does it deal with a truckload of labels (IPv6 PTR records)

Fortunately, since root nameservers give us an authoritative answer to `arpa.`, we turn off minimization afterwards. Yes, this leaks information to `arpa.`.

Most of the names with many labels don't actually have a search path this long (it often jumps several labels per referral), or end up covered by a wildcard. Either way, you need to follow the referral chain even if you don't minimize.
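
The fallback described under "How it deals with bad CDNs", as an added example that is not Knot's own code: a toy resolver walks the `who.ami.here.com.` query against constructed in-memory servers and logs which server saw which name. The `Server` class, the server names (`com-ns`, `here-ns`, `cdn-ns`) and the 192.0.2.x addresses are assumptions made for the illustration.

```python
class Server:
    """Toy authoritative server (constructed model, not real DNS code)."""
    def __init__(self, cuts=None, records=None, ent_nxdomain=False):
        self.cuts = cuts or {}            # zone cut -> name of child server
        self.records = records or {}      # owner name -> A record data
        self.ent_nxdomain = ent_nxdomain  # "bad CDN": NXDOMAIN for empty non-terminals

    def query(self, qname, qtype):
        for cut, child in self.cuts.items():
            if qname == cut or qname.endswith("." + cut):
                return "REFERRAL", (cut, child)
        if qname in self.records:
            if qtype == "A":
                return "ANSWER", self.records[qname]
            return "NODATA", None
        names = list(self.records) + list(self.cuts)
        if any(n.endswith("." + qname) for n in names) and not self.ent_nxdomain:
            return "NODATA", None         # something exists below: honest answer
        return "NXDOMAIN", None

def resolve(qname, qtype, servers, minimize=True):
    """Return (rcode, data, log); log lists (server, qname, qtype) per query sent."""
    labels = qname.rstrip(".").split(".")
    server, depth, log = ".", 1, []
    while True:
        full = not minimize or depth >= len(labels)
        q = (qname, qtype) if full else (".".join(labels[-depth:]) + ".", "NS")
        log.append((server,) + q)
        rcode, data = servers[server].query(*q)
        if rcode == "REFERRAL":
            cut, server = data
            depth = cut.rstrip(".").count(".") + 2  # one label below the new cut
        elif full:
            return rcode, data, log
        elif rcode == "NXDOMAIN":
            minimize = False   # might be a lie: requery the full name at this server
        else:
            depth += 1         # NODATA: keep appending labels

def build(cdn_exists):
    """Constructed servers; here-ns jumps two labels to cdn-ns when cdn_exists."""
    here = Server(cuts={"who.ami.here.com.": "cdn-ns"} if cdn_exists else {},
                  records={"www.here.com.": "192.0.2.1"}, ent_nxdomain=True)
    return {".": Server(cuts={"com.": "com-ns"}),
            "com-ns": Server(cuts={"here.com.": "here-ns"}),
            "here-ns": here,
            "cdn-ns": Server(records={"who.ami.here.com.": "192.0.2.10"})}

if __name__ == "__main__":
    for exists in (True, False):   # case (a), then case (b)
        rcode, data, log = resolve("who.ami.here.com.", "A", build(exists))
        print(rcode, data, *log, sep="\n  ")
```

In case (a) the log shows `here-ns` receiving the full name after its `NXDOMAIN`, while `.` and `com-ns` only ever see the minimized names; in case (b) the same requery is the one wasted query.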