On Oct 26, 2022, at 10:02 AM, Klaus Frank <klaus.fr...@posteo.de> wrote:
> 
> I don't quite understand what the controversial part with this is, but why 
> not just copy RFC7686 (onion special use domain name) for .ALT?
> 
> It's an established precedent and also doesn't look like a bad idea to just 
> register the TLD with NXDOMAIN on the "normal" root dns servers?
> 
> > Authoritative DNS Servers: Authoritative servers MUST respond to
> >       queries for .onion with NXDOMAIN.

The question is not how authoritative servers must respond: because the .alt 
TLD will not be in the root, the root servers will respond with NXDOMAIN 
regardless of what the draft says. The question is about recursive resolvers. 
From RFC 7686:
   4.  Caching DNS Servers: Caching servers, where not explicitly
       adapted to interoperate with Tor, SHOULD NOT attempt to look up
       records for .onion names.  They MUST generate NXDOMAIN for all
       such queries.
Thus, we have a standards-track document that requires that every resolver on 
the planet is supposed to have special rules for this particular name.

It is completely clear that, seven years later, many resolvers don't follow 
that SHOULD NOT rule. In fact, at at least one root server, .onion queries 
appear more often than many gTLDs and ccTLDs.

The question is thus, is the value of adding that special rule for every TLD in 
the RFC 6761 registry worth the benefit? Given the example of onion, is such a 
benefit even noticeable, and if so to whom?

--Paul Hoffman


_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
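
As an added illustration of the caching-server rule quoted from RFC 7686 (not part of the original message and not taken from any resolver's code): a label-wise check for names a resolver would answer with NXDOMAIN itself, run over constructed log lines to list .onion queries that were forwarded upstream anyway. The five-field log format, the function names and the sample lines are assumptions made for this example.

```python
# Added example. The suffix set holds only the name RFC 7686 covers;
# whether to add other special-use names is the policy question in the thread.
LOCAL_NXDOMAIN_SUFFIXES = {("onion",)}

# Constructed sample, hypothetical format: time client qname qtype disposition
SAMPLE_LOG = [
    "2022-10-26T10:00:01Z 192.0.2.10 example.com. A forwarded",
    "2022-10-26T10:00:02Z 192.0.2.11 abcdefexample.onion. A forwarded",
    "2022-10-26T10:00:03Z 192.0.2.11 Hidden.Onion. AAAA local",
    "2022-10-26T10:00:04Z 192.0.2.12 onion.example.net. A forwarded",
    "2022-10-26T10:00:05Z 192.0.2.13 WWW.TEST.ONION A forwarded",
    "malformed line",
]


def labels(qname):
    """Split a presentation-format name into lowercase labels."""
    name = qname.rstrip(".").lower()
    return tuple(name.split(".")) if name else ()


def answer_locally(qname, suffixes=LOCAL_NXDOMAIN_SUFFIXES):
    """True when qname is at or below a listed suffix.

    Matching is per label, so "notonion." and "onion.example.net."
    do not match, while "Example.ONION" does (DNS names are
    case-insensitive and the trailing dot is optional in logs).
    """
    ls = labels(qname)
    return any(len(ls) >= len(s) and ls[-len(s):] == s for s in suffixes)


def leaked_queries(log_lines, suffixes=LOCAL_NXDOMAIN_SUFFIXES):
    """Return (client, qname) for queries sent upstream that should
    have been answered with NXDOMAIN by the resolver itself."""
    leaks = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 5:
            continue  # skip lines that are not in the assumed format
        _time, client, qname, _qtype, disposition = parts
        if disposition == "forwarded" and answer_locally(qname, suffixes):
            leaks.append((client, qname))
    return leaks


if __name__ == "__main__":
    for client, qname in leaked_queries(SAMPLE_LOG):
        print(f"leaked upstream: {qname} from {client}")
```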
