Hi Greg,

On 1 Mar 2014, at 19:45, okTurtles <[email protected]> wrote:

>> ask them if they would be willing to accept a dns.alt or something like that.
> 
> *.dns is a metaTLD, whereas I don't believe *.alt has been designated as such?

You're right, ALT (the TLD) doesn't exist today, might one day exist, and is 
not special in any way right now, although a draft proposal exists to make it 
special and avoid its future delegation from the root zone.

If we suppose that it's possible, due to software defects or user error, that 
DNS queries will one day be sent to the Internet for names ending in .DNS, how 
about choosing a parent domain that you control, and whose traffic can be 
managed separately, instead?

Leaked traffic for names ending in .DNS is going to hit the root servers today. 
If a new gTLD called "DNS" exists in the future, you'll hit their servers (and 
there will be confusion between which name was intended, and potentially 
leakage of query data between the two namespaces). If you use a name ending in 
.ALT, and the ALT proposal is adopted, your traffic is back hitting the root 
servers again, but at least you're not colliding with other names.

If you use your own domain that you have registered and control, you can direct 
any leaking traffic wherever you want. You can sink it in AS112+ servers 
(assuming this wg likes that proposal) using an apex DNAME. You have options.

I think considering the possibility that queries will leak towards the DNS is 
important when you start to develop a new, non-DNS namespace (so, it's great 
that you're here). Not thinking about it has the potential to leak users'
information in unexpected directions, and cause operational mayhem with other
people's nameservers.

It's hard to see a better option today than anchoring your new namespace
to a domain that you register and pay for in the DNS. Your options in that 
regard include TLDs if your namespace is sufficiently sensitive to label length 
that you're prepared to pay the $500k+ for the process to register it; to my 
mind, your local TLD registrar can probably give you a better deal.


Joe


_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
