In message <653a3403-dfc8-491a-b083-7873d1886...@fugue.com>, Ted Lemon writes: > > On Feb 9, 2017, at 7:48 PM, Mark Andrews <ma...@isc.org> wrote: > > 1) there is too much brokeness out there that returns NXDOMAIN instead > > of a NODATA for a ENT. > > So you're saying that a root nameserver is going to return an incorrect > result? And what does this have to do with intelligent trees?
I'm developing software that will be run on private internets with various degrees of compentence from the adminitrators as well as the public Internet. That private internet may have a ENT for ALT that returns NXDOMAIN. The server has to work in that environment. So NXDOMAIN doesn't stop the query. Even with everything working properly QNAME minimisation DOES NOT STOP THE QUERIES. RFC 4035 + RFC 7816 -> leaks (synthesis of negative answers is banned by RFC 4035) RFC 4035 + RFC 7816 + ANC supported by the code w/o validation -> leaks RFC 4035 + RFC 7816 + ANC supported by the code + validation -> no leaks Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
