> Personally I don't think that special actions in resolvers for > INVALID and TEST are a good idea either; I would prefer consistent > behaviour and no special cases, especially as I suspect that > resolver operators that pay attention to this kind of thing and > keep their software up-to-date probably already do aggressive > NSEC caching and hence the risk to the root server system is > lower than the risks related to increased complexity and camel > exhaustion. But both risks seem small. > > If the consensus is that following the examples of INVALID and > TEST is sensible then this would be a more convincing 6761-path > to "special". > > I suppose I prefer SHOULD to MUST, but really I prefer "not > special" to "special".
I think the goal of INVALID and TEST is that they are not used for production traffic. So a special rule that by default resolvers do not try to resolve those names is fine. The point of INTERNAL is the opposite. It is meant to be used for production traffic. Any host that contacts local resolvers in site that uses INTERNAL should be able to resolve it. So anything that we write that would reduce or restrict resolving INTERNAL is counter productive. There is however Mark's point about DNSSEC validation. I'll reply to his message about that. _______________________________________________ DNSOP mailing list -- dnsop@ietf.org To unsubscribe send an email to dnsop-le...@ietf.org
