In message <20170204021353.gf67...@mx2.yitter.info>, Andrew Sullivan writes: > On Fri, Feb 03, 2017 at 08:54:59PM -0500, Ted Lemon wrote: > > On Feb 3, 2017, at 8:51 PM, Andrew Sullivan <a...@anvilwalrusden.com> wrote: > > > If the resolver "has a local zone for alt" -- I think this means it is > > > authoritative for that zone -- why would it ask the root about it at > > > all? > > > > As long as the stub resolver isn't validating, it's no problem. If it is > > validating, t > hen the recursive resolver can't fool the stub resolver if there's a secure > denial of ex > istence. > > > > Right, that's always been the problem with using this _for the DNS_. > Homenet has no choice in that, because the whole point of the homenet > name is precisely to enable in-homenet DNS without reference to the > global DNS. I think you're quite correct that we need to decide > whether alt is to be used for those purposes. I'm not convinced > that's so useful.
It's a problem for ALL special names. BOGUS / SERVFAIL isn't the response leaked names should get. Its bad engineering. > A > > -- > Andrew Sullivan > a...@anvilwalrusden.com > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
