> On 2 Dec 2021, at 01:57, Vladimír Čunát <vladimir.cunat+i...@nic.cz> wrote:
>
> On 01/12/2021 15.49, Mark Andrews wrote:
>> Black lies is “QNAME NSEC \000.QNAME NSEC RRSIG”. There is no churn for
>> “black lies”. Black lies turns NXDOMAIN into NODATA.
>>
>> "DNS Shotgun" can produce churn of NSEC if you ask for a type that is listed
>> as existing but it doesn’t actually exist. The NSEC returned is still valid
>> for DNSSEC synthesis.
>
> Oh, I'm sorry; a terminological problem. I used "black-lies" for the overall
> behavior of Cloudflare auths, as described in that blog article. Maybe we
> could extend the current terminology draft :-D
>
> (Nit: about random QTYPE attacks, I can't see a point when you leave random
> QNAME attacks undefended.)

Dropping them also sets a bad precedent as one then has to deal with “but
foobar works with the bad type map” complaints.

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: ma...@isc.org

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
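
Added example, not part of the original thread or any participant's code: a Python sketch of the record shape quoted above (QNAME NSEC \000.QNAME NSEC RRSIG), encoding its type bitmap per RFC 4034 section 4.1.2 and checking why a validator reads it as NODATA rather than NXDOMAIN. The function names and the sample name `nx.example.` are constructed for illustration.

```python
# Added illustration; helper names and sample data are constructed.
A, CNAME, AAAA, RRSIG, NSEC = 1, 5, 28, 46, 47

def encode_type_bitmap(types):
    """RFC 4034 4.1.2: (window, length, bitmap) blocks in ascending window order."""
    windows = {}
    for t in sorted(set(types)):
        bits = windows.setdefault(t >> 8, bytearray(32))
        bits[(t & 0xFF) // 8] |= 0x80 >> (t % 8)
    out = bytearray()
    for win in sorted(windows):
        trimmed = bytes(windows[win]).rstrip(b"\x00")  # drop trailing zero octets
        out += bytes([win, len(trimmed)]) + trimmed
    return bytes(out)

def decode_type_bitmap(data):
    """Return the set of RR types present; reject truncated or oversized blocks."""
    types, pos = set(), 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated window header")
        win, length = data[pos], data[pos + 1]
        if not 1 <= length <= 32 or pos + 2 + length > len(data):
            raise ValueError("malformed type bitmap")
        for i, octet in enumerate(data[pos + 2:pos + 2 + length]):
            for bit in range(8):
                if octet & (0x80 >> bit):
                    types.add((win << 8) | (i * 8 + bit))
        pos += 2 + length
    return types

def black_lies_nsec(qname):
    """Owner, next name (presentation format) and bitmap for a nonexistent QNAME."""
    return qname, "\\000." + qname, encode_type_bitmap([NSEC, RRSIG])

def proves_nodata(owner, bitmap, qname, qtype):
    """NODATA: the NSEC is owned by QNAME itself and lists neither QTYPE nor CNAME."""
    present = decode_type_bitmap(bitmap)
    same_name = owner.lower() == qname.lower()
    return same_name and qtype not in present and CNAME not in present

if __name__ == "__main__":
    owner, nxt, bitmap = black_lies_nsec("nx.example.")
    print(owner, "NSEC", nxt, bitmap.hex())
    print("A absent at owner:", proves_nodata(owner, bitmap, "nx.example.", A))
```

Because the owner name equals QNAME, the name is asserted to exist and only the type is denied, which is the NXDOMAIN-to-NODATA change described in the quoted text.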