On Feb 8, 2017, at 12:25 AM, Mark Andrews <ma...@isc.org> wrote: > And how does the server get the proof of non-existence? It needs > to leak a query.
If it has proof of non-existence for .alt cached, it doesn't need to ask any further questions to deny the existence of any subdomain of .alt. Leaking a query to .alt is harmless.
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
