On 12.11.2017 04:26, Joe Abley wrote:
> On Nov 12, 2017, at 10:51, Kim Davies <kim.dav...@icann.org> wrote:
>
>> We haven't studied what would be involved, but I feel confident in
>> predicting the whole exercise would be non-trivial.
>
> It seems to me that you could implement this using lawyers as easily as
> you could using developers; it is after all arguably a static change in
> procedure that doesn't need to be especially repeatable. If the root
> zone maintainer is contracted to include a record, surely the record
> will be included.
>
> However, I think the more general idea that queries for internal names
> should be leaked towards unknown AS112 operators is problematic. As an
> end-user I would prefer my leaked queries to be jealously hoarded by one
> of twelve root server operators than an inbound number of anonymous and
> potentially ephemeral AS112 operators.
>
> The potential for complete data collection at the root servers goes down
> as resolvers implement aggressive NSEC caching. In the case of a

Unfortunately, aggressive use of NSEC will not help because the name will
exist (either with NS or DNAME).

I wonder whether this is sufficient reason not to request the delegation
and let users configure an exception for .internal (which is needed
anyway). This needs more thought.

Petr Špaček @ CZ.NIC

> delegation or redirection, that potential is reduced since the
> non-existence of individual names under internal is then the thing that
> is cached, not the non-existence of the right-most label in the namespace.
>
>
> Joe

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
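
The point about aggressive NSEC use and an existing `internal.` name, as an added example that is not part of the thread or any participant's code: a sketch of the check a validating cache applies before synthesizing NXDOMAIN from a cached NSEC. The function names are hypothetical and the NSEC records are constructed for illustration, not real root zone data.

```python
# Added illustration: can a cached root-zone NSEC answer a query locally?

def canon_key(name):
    """RFC 4034 section 6.1 ordering key: lowercase labels, rightmost first."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return [l.encode("ascii") for l in reversed(labels)]

def is_subdomain(name, ancestor):
    n, a = canon_key(name), canon_key(ancestor)
    return len(n) > len(a) and n[:len(a)] == a

def nsec_denies(qname, owner, nxt, types):
    """True if this NSEC lets the cache synthesize NXDOMAIN for qname."""
    q, o, n = canon_key(qname), canon_key(owner), canon_key(nxt)
    in_gap = o < q and (q < n or n <= o)  # n <= o: last NSEC wraps to the apex
    if not in_gap:
        return False
    # RFC 6840 section 4.1: an NSEC at a delegation (NS without SOA) or at a
    # DNAME must not be used to deny names below its owner.
    if is_subdomain(qname, owner):
        if "DNAME" in types or ("NS" in types and "SOA" not in types):
            return False
    return True

def answered_from_cache(qname, cached_nsecs):
    """True means no upstream query is sent for this name."""
    return any(nsec_denies(qname, *rec) for rec in cached_nsecs)

# Constructed NSEC records: (owner, next, type bitmap).
TLD = {"NS", "DS", "RRSIG", "NSEC"}
# "internal." absent from the root zone: one NSEC spans the gap.
TODAY = [("int.", "international.", TLD)]
# "internal." present as an unsigned delegation.
WITH_NS = [("int.", "internal.", TLD),
           ("internal.", "international.", {"NS", "RRSIG", "NSEC"})]
# "internal." present as a DNAME redirection.
WITH_DNAME = [("int.", "internal.", TLD),
              ("internal.", "international.", {"DNAME", "RRSIG", "NSEC"})]

if __name__ == "__main__":
    q = "printer.corp.internal."
    for label, cache in (("absent", TODAY), ("NS", WITH_NS), ("DNAME", WITH_DNAME)):
        print(label, "-> answered from cache:", answered_from_cache(q, cache))
```

With the name absent, one cached NSEC suppresses every later query under `internal.`; once the name exists with NS or DNAME, each distinct query name has to be resolved upstream.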