It appears that Philip Homburg <pch-dnso...@u-1.phicoh.com> said:
>> things like query minimization depend on NXDOMAIN. If I query for
>> a.b.c.d.example and d.example does not exist, fake NODATA will make
>> the client leak the entire name with multiple wasted queries.
>
>It seems to me that the main purpose of query minimization is to find delegations
>without leaking the entire qname. The parent doesn't have to know the
>full qname.
>
>There is no reason to assume that clients are constructing names that they
>don't want the target zone to know.

But they presumably don't want the TLD to know them. Query minimization would only show e.example to the example TLD, but fake NODATA sends the TLD the whole name.

Per that other note reminding us that restoring NXDOMAIN breaks DNSSEC, I'm wondering how useful this is likely to be in practice, unless you assume that nobody uses DNSSEC in stubs now and never will.

R's,
John
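
The leak discussed in this message can be traced with a small model; this is an added example, not part of the original message or of any resolver's code. It assumes a simplified QNAME-minimising resolver that adds one label per query (the behaviour described in RFC 9156, without its query-count limits), and the function names `tld_answer` and `minimised_lookup` are hypothetical.

```python
# Constructed model of a QNAME-minimising resolver talking to one TLD server.
# All names (tld_answer, minimised_lookup) are hypothetical, not a real API.
NXDOMAIN, NODATA, REFERRAL = "NXDOMAIN", "NODATA", "REFERRAL"


def tld_answer(qname, delegations, fake_nodata):
    """Response of the TLD's authoritative server for qname."""
    labels = qname.split(".")
    # Any delegation at or above qname yields a referral to the child zone.
    for i in range(len(labels)):
        if ".".join(labels[i:]) in delegations:
            return REFERRAL
    # Nothing exists: honest NXDOMAIN, or NODATA if the server fakes it.
    return NODATA if fake_nodata else NXDOMAIN


def minimised_lookup(full_name, tld, delegations, fake_nodata):
    """Return the list of query names the TLD server sees."""
    labels = full_name.rstrip(".").split(".")
    seen = []
    # Start one label below the TLD and add one label per query.
    for n in range(len(tld.split(".")) + 1, len(labels) + 1):
        qname = ".".join(labels[-n:])
        seen.append(qname)
        rcode = tld_answer(qname, delegations, fake_nodata)
        if rcode == NXDOMAIN:
            break  # RFC 8020: nothing exists below this name, stop here
        if rcode == REFERRAL:
            break  # longer names go to the child zone, not to the TLD
        # NODATA: the name might be an empty non-terminal, so keep going
    return seen


if __name__ == "__main__":
    name = "a.b.c.d.example"
    print("NXDOMAIN   :", minimised_lookup(name, "example", set(), False))
    print("fake NODATA:", minimised_lookup(name, "example", set(), True))
    print("delegated  :", minimised_lookup(name, "example", {"d.example"}, True))
```

With an honest NXDOMAIN the TLD sees one query for d.example; with fake NODATA it sees four queries ending in the full name.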