On Feb 7, 2017, at 4:48 PM, Mark Andrews <ma...@isc.org> wrote:
> Go add an empty zone (SOA and NS records only) for alt to your
> recursive server. This is what needs to be done to prevent
> privacy leaks.

No, the recursive server can just cache the proof of nonexistence. I didn't query the root when I did my test—I ran the query through Comcast's servers. Worked just fine. Yes, if you configure your local server to lie, that won't work. That's by design.