[X4U] Re: Leopard Issues - Some Responses

John Douglass - User douglass at cs.clemson.edu
Wed Dec 5 06:58:01 PST 2007 

On Dec 5, 2007, at 5:52 AM, Daly Jessup wrote:
>
> But then why might it work on his Tiger machine and not on his  
> Leopard machine. If Verizon were doing it, wouldn't they both fail?
>
> Daly

One word answer: NO

Longer answer -- there happens to be more variables then we can control.

As I conceded in a previous post, Tiger and Leopard are using  
different versions of almost all the open source tools that lie  
underneath (primarily libresolv [dns resolver library] and WebKit  
[what Safari is built upon]) and thus may behave differently.  These  
tools don't come from Apple (although admittedly WebKit does come from  
Apple but is a forked version of KHTML so it is not ONLY Apple).

It is easy for me to see how these tools could behave differently  
under what could be may or may not be considered an error condition.   
Remember, the Verizon DNS server is not returning the NXDOMAIN (non  
existent domain error) when the 'host jr' question is asked, it is  
returning NOERROR and not putting anything in the RR (return record).   
It is not an error then, it is simply a return record that is not  
defined.  NXDOMAIN tells the browser that the host wasn't found and  
that  it then applies domain guessing.  NOERROR tells the browser no  
such thing.

Without reviewing the DNS RFCs I'm not sure whether the handling of  
NOERROR without an RR is defined or not (I suspect not), which would  
mean that it could be very implementation dependent.  I suspect the  
behavior change is in the libresolv or related code and not WebKit  
since the original poster said that it worked under Tiger under Safari  
3.0.4, which would use the same version of WebKit as Safari 3.0.4  
under Leopard

NB: brings up an interesting test if the poster who has problems has  
access to Windows -- how does Safari under Windows behave?  MS  
obviously uses different DNS revolver code then does Apple, so it may  
behave entirely different to either of the others.

I will end with the following:

1) I believe the behavior of handling the NOERROR return from DNS may  
have changed.  I also believe it was not Apple, as I'm sure that this  
handler is in one of the open source tools/libraries that OSX is built  
upon.

2) I believe that Verizon is not returning the appropriate DNS  
response since "jr" is NOT an existing domain, and thus the proper  
response should be NXDOMAIN (this is fairly clearly defined in the  
RFCs).

I would be interested in seeing the output from the various commands  
suggested (host, dig, and the tcpdump).  I know more than I care to  
about DNS debugging and tcp packet analysis;  I would be happy to  
attempt to explain the output to others.

-- John

More information about the X4U mailing list