I don't quite understand what the controversial part with this is, but why not just copy RFC7686 (onion special use domain name) for .ALT?

It's an established precedent and also doesn't look like a bad idea to just register the TLD with NXDOMAIN on the "normal" root DNS servers?

> Authoritative DNS Servers: Authoritative servers MUST respond to
>       queries for .onion with NXDOMAIN.

On 26.10.2022 18:52, Paul Vixie wrote:

John Levine wrote on 2022-10-25 14:30:
> ...
>
> ...  Considering the vast amount of junk traffic that the roots
> get now, it's hard to imagine that .alt would add enough to care about.

we don't and can't know that. in any case we should first do no harm.

the DNS is capable of signaling that a given domain isn't operable in the DNS, like delegating to localhost, DNAME'ing to AS112, assigning a pseudo-random DS for which there is no corresponding DNSKEY, &etc. if queries in DNS for names ending in .ALT are proof of misconfiguration, then the result of those queries can be arbitrary, and should optimize for the health of the DNS rather than the utility of the misconfigured.


_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
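
An added illustration, not part of the original messages or of any RFC text: the resolver-side counterpart of the RFC 7686 rule quoted above, a forwarder hook that answers queries under a special-use TLD with NXDOMAIN locally so they never reach the root servers. Treating .alt like .onion is an assumption that follows the proposal in the message, and the function names are hypothetical.

```python
import struct

# Assumption for this example: TLDs handled the way RFC 7686 handles .onion.
SPECIAL_USE_TLDS = {"onion", "alt"}
RCODE_NXDOMAIN = 3

def build_query(name, qid=0x1234, qtype=1):
    """Build a minimal recursive query (constructed sample input)."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

def parse_question(msg):
    """Return (lower-cased QNAME labels, offset just past QTYPE/QCLASS)."""
    labels, off = [], 12                      # the DNS header is 12 bytes
    while True:
        if off >= len(msg):
            raise ValueError("truncated question")
        n = msg[off]
        off += 1
        if n == 0:                            # root label ends the name
            break
        if n & 0xC0:
            raise ValueError("compression pointer in question")
        labels.append(msg[off:off + n].decode("ascii").lower())
        off += n
    if off + 4 > len(msg):
        raise ValueError("missing QTYPE/QCLASS")
    return labels, off + 4

def answer_locally(msg):
    """Return an NXDOMAIN response for special-use names, or None to forward."""
    if len(msg) < 12:
        return None
    qid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if flags & 0x8000 or qdcount != 1:        # already a response, or odd query
        return None
    try:
        labels, end = parse_question(msg)
    except ValueError:
        return None                           # malformed: leave to normal handling
    if not labels or labels[-1] not in SPECIAL_USE_TLDS:
        return None
    # QR=1, keep opcode and RD, set RA, RCODE=3; answer sections and EDNS are dropped.
    rflags = 0x8000 | (flags & 0x7900) | 0x0080 | RCODE_NXDOMAIN
    header = struct.pack("!HHHHHH", qid, rflags, 1, 0, 0, 0)
    return header + msg[12:end]
```

Only the rightmost label is checked, so a name such as alt.example.com is still forwarded as usual.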
