> <t>As mentioned before, there are several ways to implement qname
> minimisation. Two main strategies are the aggressive one and the lazy
> one. In the aggressive one, the resolver only sends NS queries as long
> as it does not know the zone cuts. This is the safest, from a privacy
> point of view. The lazy way "piggybacks" on the traditional resolution
> code. It sends traditional full qnames and learns the zone cuts from
> the referrals received, then switching to NS queries. This leaks more
> data but probably requires fewer changes in the existing resolver
> codebase.</t>


One easy strategy could be assuming a zone cut between the root and TLDs, which 
is a known one, and not sending 4LD and beyond to TLD servers. This would 
accommodate both 2LD and 3LD delegation TLDs, without much analysis.

It would work like this:

www.janet.ac.uk

Question to root: uk
Answer from root: .uk delegated servers
Question to .uk delegated servers: janet.ac.uk
Answer from .uk delegated servers: ac.uk
Question to .ac.uk delegated servers: www.janet.ac.uk
Answer from .ac.uk delegated servers: janet.ac.uk
Question to janet.ac.uk delegated servers: www.janet.ac.uk
Answer from janet.ac.uk delegated servers: final end node

www.ja.net

Question to root: net
Answer from root: .net delegated servers
Question to .net delegated servers: www.ja.net
Answer from .net delegated servers: ja.net
Question to .ja.net delegated servers: www.ja.net
Answer from ja.net delegated servers: final end node

My guess is this would even accommodate cases such as dotless domains (like dk) 
and in-addr.arpa. 


Rubens



_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
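
The strategy proposed in the message above, as an added example that is not part of the original post or of any resolver's code: a small simulation that records which qname each zone's servers see. The delegation tree (ZONE_CUTS) is constructed, all function names are hypothetical, and "no referral" is modelled as "this zone answers the question itself".

```python
# Added illustration; ZONE_CUTS and all function names are constructed for this sketch.
ZONE_CUTS = {"", "uk", "ac.uk", "janet.ac.uk", "net", "ja.net", "dk"}


def labels(name):
    return [l for l in name.rstrip(".").split(".") if l]


def suffix(name, n):
    """Rightmost n labels of name (n >= 1)."""
    return ".".join(labels(name)[-n:])


def question_for(qname, zone):
    """Qname sent to the servers of `zone` under the strategy in the message."""
    depth, total = len(labels(zone)), len(labels(qname))
    if depth == 0:
        keep = 1          # root: TLD label only (assumed cut below the root)
    elif depth == 1:
        keep = 3          # TLD servers: never 4LD and beyond
    else:
        keep = total      # deeper zones: traditional full qname
    return suffix(qname, min(keep, total))


def referral(zone, question):
    """Simulated server for `zone`: next zone cut toward `question`, else None."""
    for n in range(len(labels(zone)) + 1, len(labels(question)) + 1):
        if suffix(question, n) in ZONE_CUTS:
            return suffix(question, n)
    return None           # modelled as: this zone answers the question itself


def trace(qname, minimise=True):
    """List of (zone asked, qname sent) from the root down to the answer."""
    zone, steps = "", []
    while True:
        q = question_for(qname, zone) if minimise else qname
        steps.append((zone or ".", q))
        nxt = referral(zone, q)
        if nxt is None and q != qname:
            # Shortened question found no cut: same zone must be re-asked in full.
            steps.append((zone or ".", qname))
            nxt = referral(zone, qname)
        if nxt is None:
            return steps
        zone = nxt


if __name__ == "__main__":
    for name in ("www.janet.ac.uk", "www.ja.net", "dk"):
        print(name, trace(name), sep="\n  ")
```

Calling trace(name, minimise=False) gives the traditional behaviour for comparison, where every zone on the path, including the root, receives the full qname.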
