On Wednesday, January 8, 2025 11:52:03 PM UTC Watson Ladd wrote:
> On Wed, Jan 8, 2025, 10:53 AM Paul Vixie
> <paul=40redbarn....@dmarc.ietf.org> wrote:
> 
> > ...
> 
> Maybe I'm missing something but if the attacker is just filling the
> cache on a recursive resolver they cooperate with the origin to get
> the responses.

that's how random subdomain attacks work, yes. RRL can help but not enough.

> Are you discussing setups where the authoritative has a caching layer
> that is getting hit and responses are expensive? Then there's no point
> in making a standard vs have the authoritative use a smarter
> cache/cheaper lookup.

no.

> What would the benefit of this signalling be on the Internet? And how
> would it avoid being overinclusive when some names change?

synthetic data would be explicitly known as such. plus, nonterminal wildcards.

overinclusive as names change is a valid criticism. probably needs a short ttl.

-- 
Paul Vixie
_______________________________________________
DNSOP mailing list -- dnsop@ietf.org
To unsubscribe send an email to dnsop-le...@ietf.org
