On Feb 6, 2025, at 11:41, Philip Homburg <pch-dnso...@u-1.phicoh.com> wrote: > >> For me, it's a big issue because .internal is not in the root zone, >> just like zillions of other names that are bit in the root zone. >>> internal has *no* SUDN features that are at all different than >> those zillions. > > In my opinion, .internal should get a negative DNSSEC trust anchor.
NTAs are installed by resolvers, not authoritative servers. It sounds like this proposal is for a universal NTA; this WG soundly rejected that idea when it (barely) agreed to describing NTAs at all. > So that > makes it different from all other names that are not in the root zone. > > If we decide we don't want a negative trust anchor, then no special processing > is needed, so there would also be no need for a SUDN entry. Agree. --Paul Hoffman _______________________________________________ DNSOP mailing list -- dnsop@ietf.org To unsubscribe send an email to dnsop-le...@ietf.org
