On Thu, 7 Sep 2017, Stephane Bortzmeyer wrote:
This way, requests for anything.internal which leaked at the root would receive an insecure denial of existence (since there is no DS for .internal). Problem solved, no?
Wouldn't that be a secure denial of existence? AFAIK, the root isn't using NSEC3/optout :) Paul _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
