>So, we got some good review and feedback on this from Tony Finch, anyone else?
I read the draft, and as a spec it looks fine to me. Once there are a few empty.as112.arpa servers, you can send any branch of the DNS to oblivion by pointing a DNAME at them. I have 2 1/2 questions: * Anyone can point a DNAME to empty.as112.arpa, not just subtrees of rDNS. Is that a security issue? * I don't know what fraction of the Internet's DNS caches understand DNAME and will synthezize responses from a cached DNAME. The ones that don't will presumably continue to hammer on the server(s) with the DNAMEs. Is that a performance or security issue? * (the half question) Since DNAME only redirects names below the DNAME and not the name itself, something a lot of people don't seem to understand very well,* should the document offer any advice about what else you might want to put at the name with the DNAME? R's, John * - see the .CAT TLD for an example _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop