> FWIW, I believe that, according to the matching rules in STD 13, > NXDOMAIN is class-bound. This is in fact related to the argument > about how the class selector fails to do what we'd have needed it to: > if you ask a name server that serves two different classes for the > same name about that name, it will need to figure out which class you > are asking about before it can start the label-by-label matching. > There is no guarantee that there's an answer in every class for a name > that is in one class. (If there were, the DNS would be broken today: > the root servers won't give you delegation information about non-IN > classes, as far as I can tell.)
Thanks. The two streams crossed in my head when I read Paul's comment earlier, and I had a bit of a wibble about whether there was some new clever DDoS attack to be had here, but further sober reflection and some questions answered by a colleague suggest that there is not. But even if there were, based on your kind and learned interpretation of the holy writ, it appears that this would not be the place to address it. :) _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
