> On Dec 13, 2022, at 18:50, Wessels, Duane 
> <dwessels=40verisign....@dmarc.ietf.org> wrote:
> 
> 
> I still think the requirements for library (stub) and caching resolver 
> behavior should be stronger.  i.e. MUST NOT put .alt queries on the wire.  
> But this is probably a minority opinion.

Earlier I had said “should use query minimization”, but perhaps better is to 
just say “with DO set (or when this cannot be determined) should strip the 
query down to ‘.alt’ (e.g. dropping anything left of the TLD) and change the type 
to AAAA and continue the regular resolving process. If no DO is set, just 
return NXDOMAIN.”


> “Caching Resolvers performing aggressive use of DNSSEC-validated caches ... 
> will not send any queries for names under .alt to the root zone.”  This 
> statement is too strong.  RFC 8198 says SHOULD, not MUST. Not to mention 
> cache misses.

I think stripping the qname is easier and preserves more privacy.


Paul
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
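
The handling proposed in the reply above, as an added example that is not part of the original thread or of any draft text: it reads the DO bit from a wire-format query and chooses between stripping the name to `.alt` with type AAAA and returning NXDOMAIN. The function names, the `do_known` flag standing in for "cannot be determined", the single-OPT-record assumption and the sample queries are all constructed for illustration.

```python
import struct

AAAA, OPT = 28, 41

def encode_name(name):
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(qname, qtype, do_bit=None, qid=0x1234):
    """Constructed sample query. do_bit=None means no EDNS OPT record at all."""
    msg = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0 if do_bit is None else 1)
    msg += encode_name(qname) + struct.pack("!HH", qtype, 1)
    if do_bit is not None:
        # OPT RR: root owner, TYPE 41, CLASS = UDP size, TTL carries the DO bit (0x8000)
        msg += b"\x00" + struct.pack("!HHIH", OPT, 1232, 0x8000 if do_bit else 0, 0)
    return msg

def parse_query(msg):
    """Return (qname, qtype, do). Assumes one question and at most one additional RR."""
    arcount = struct.unpack("!H", msg[10:12])[0]
    pos, labels = 12, []
    while msg[pos]:
        n = msg[pos]
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii").lower())
        pos += 1 + n
    qtype = struct.unpack("!H", msg[pos + 1:pos + 3])[0]
    pos += 5  # root label + QTYPE + QCLASS
    do = False
    if arcount == 1 and msg[pos] == 0:
        rtype, _size, ttl, _rdlen = struct.unpack("!HHIH", msg[pos + 1:pos + 11])
        do = rtype == OPT and bool(ttl & 0x8000)
    return ".".join(labels) + ".", qtype, do

def decide(msg, do_known=True):
    """do_known=False models the 'cannot be determined' case (hypothetical flag)."""
    qname, qtype, do = parse_query(msg)
    if qname != "alt." and not qname.endswith(".alt."):
        return ("pass", qname, qtype)        # not under .alt: untouched
    if do or not do_known:
        return ("resolve", "alt.", AAAA)     # stripped name, type changed to AAAA
    return ("nxdomain", qname, qtype)        # no DO: answer NXDOMAIN locally
```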
