In message <00767076-fa43-42c0-a4af-39f4e1087...@fugue.com>, Ted Lemon writes:
>
> On Feb 8, 2017, at 2:42 PM, Mark Andrews <ma...@isc.org> wrote:
> > 4. Caching DNS servers SHOULD recognize these names as special and
> >    SHOULD NOT, by default, attempt to look up NS records for them,
> >    or otherwise query authoritative DNS servers in an attempt to
> >    resolve these names. Instead, caching DNS servers SHOULD
> >    generate immediate negative responses for all such queries.
> >
> > This clause results in BOGUS or SERVFAIL being returned to the DNS
> > application if there is a validator in the return DNS path between
> > the caching DNS server and the application.
>
> So, that is the thing to fix.

And if the service has the same privacy issues as .onion has? So
we leak names until every recursive server in the world is validating
(what % is that today?) and supports aggressive negative caching
(still an I-D).

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: ma...@isc.org