On 01/25/2015 09:15 PM, Paul Vixie wrote:
> my question is: why do this, rather than passing a law ("adopting an
> RFC") that reserves these names within the IANA system, such that the NXDOMAIN
> source can reliably be the IANA root name servers?

Dear Paul,

We are also trying to "pass that law", and as Hugo said he supported that. Now, even with such a rule, his suggestion still makes sense given our privacy goals: While the IANA root name servers might afterwards be relied upon for the NXDOMAIN, merely asking the IANA root name servers might leak private information (like say, the existence of a particular .onion), especially as the user does not expect to use DNS for those TLDs. So the less we send traffic for those over the network, the better (some harm might have happened already, but we can avoid making it worse).

Naturally, query minimization would help here as well, but until that is broadly implemented, just not asking is also a good idea.

Furthermore, while we expect this to be rare in the first place, people voiced concern about the additional traffic at the root zone from the pTLDs, so using this configuration we can make sure that doesn't happen (even though I personally can't imagine this to be a real issue in practice).

Naturally, you are right in that Hugo's configuration is merely a supporting action, the first and most important thing is getting the draft adopted and thus ensuring the root servers won't have a conflicting definition in the future.

Best regards,

Christian

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
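
An added illustration of the privacy argument in the message above (not part of the original e-mail and not the configuration it refers to): the Python sketch below models what name a root server would see for one query under three resolver policies, namely sending the full QNAME, QNAME minimisation, and answering NXDOMAIN locally. It assumes a cold cache, a local suffix list containing only `onion`, and constructed query names; the function and policy names are hypothetical.

```python
# Added example: models the name exposed to the root servers for a single
# lookup on a cold cache. Suffix list and sample names are assumptions.
LOCAL_NXDOMAIN_SUFFIXES = {"onion"}  # assumed local policy, one label each

def labels(qname):
    """Split a DNS name into lowercase labels, ignoring the trailing root dot."""
    return [part for part in qname.lower().rstrip(".").split(".") if part]

def is_local_nxdomain(qname, suffixes=LOCAL_NXDOMAIN_SUFFIXES):
    """True when the rightmost label is reserved locally.

    Matching is per label, so 'notonion.example' does not match 'onion'.
    """
    parts = labels(qname)
    return bool(parts) and parts[-1] in suffixes

def seen_by_root(qname, policy):
    """Return the query name a root server receives, or None if none is sent.

    policy 'plain'     : full QNAME is sent upstream
    policy 'minimized' : QNAME minimisation, only the top-level label is sent
    policy 'local'     : reserved suffixes get NXDOMAIN locally, the rest
                         behave like 'plain'
    """
    parts = labels(qname)
    if not parts:
        return None
    if policy == "local" and is_local_nxdomain(qname):
        return None  # answered locally, nothing leaves the resolver
    if policy == "minimized":
        return parts[-1] + "."
    if policy in ("plain", "local"):
        return ".".join(parts) + "."
    raise ValueError("unknown policy: %r" % policy)

def exposure_table(names, policies=("plain", "minimized", "local")):
    """Map each name to what every policy exposes to the root."""
    return {n: {p: seen_by_root(n, p) for p in policies} for n in names}

if __name__ == "__main__":
    # Constructed sample names, not real services.
    samples = ["ConstructedService.onion", "www.example.org.", "notonion.example"]
    for name, row in exposure_table(samples).items():
        print(name, row)
```

Under minimisation the root still learns that some `.onion` name was looked up, only not which one; the local answer is the only policy in this model that sends nothing.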