Ignore MisbehavingServers rather than fail with an error

Joshua Root jmr at macports.org
Tue Jan 3 08:32:33 PST 2012


On 2012-1-3 17:11 , Daniel J. Luke wrote:
> On Jan 2, 2012, at 5:47 PM, Ryan Schmidt wrote:
>> These types of broken DNS servers are obviously not going away
> 
> Are you sure?
> 
> if people start implementing dnssec (and we get dnssec validation in the stub resolver in the OS), this kind of stupidity can't happen...
> 
> (of course, it's possible that dnssec never gets widely deployed, or that people never end up doing validation on end hosts, but only in some recursive resolvers).
> 
>> we should not punish users who have broken DNS servers
> 
> for the good of the internet, maybe we should (or at least print out some warning saying a possible broken DNS server has  been detected)
> 
>> and make them uniquely responsible for shouldering the burden of reporting these problems to us. Instead we should afford them the same convenience users with compliant DNS servers have.
> 
> ... but for the good of our end-users, I agree we want to provide the best experience possible (so if we can detect and work around the issue, I'm all for doing so).

How are you planning to tell which checksum mismatches are from bad DNS
lookups and which are from a stealth update or broken proxy? Downloading
the distfile from every one of the potentially dozens of mirrors is not OK.

- Josh


More information about the macports-dev mailing list