> -----Original Message-----
> From: dns-privacy <[email protected]> On Behalf Of Paul Hoffman
> Sent: Tuesday, July 13, 2021 11:34 AM
> To: [email protected]
> Subject: [EXTERNAL] Re: [dns-privacy] [Ext] WG strategy on opportunistic vs
> authenticated moving forward
>
> On Jul 13, 2021, at 8:08 AM, Hollenbeck, Scott <[email protected]> wrote:
> > . . .my preference would be for the WG to focus on solutions for
> > authoritative name servers serving zones that aren’t delegation-centric.
>
> This has come up before, and I'm trying to figure out why. If this WG comes
> up with a protocol that any zone operator can choose to implement, why
> differentiate between delegation-centric and anything else? It feels
> short-sighted to look at current zone contents and try to optimize a
> solution for them, instead of just making all DNS extensions optional.

Delegation-centric zones return name server IP addresses that are exposed in subsequent recursive queries. The value proposition of encrypting those addresses in a DNS response has to be weighed against the server resource overhead of adding support for encryption, especially when there are data minimization techniques available that can reduce the amount of information disclosed without putting an operational burden on the authoritative name server. If a solution can be developed that works for all levels of the DNS hierarchy, fine, but I believe there's more value in a solution (or solutions) where the data can't be protected using minimization techniques and there's a greater likelihood of near-term experimentation.

Scott

_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
