In message <[email protected]>, Andrew Sullivan writes: > On Fri, Feb 03, 2017 at 08:54:59PM -0500, Ted Lemon wrote: > > On Feb 3, 2017, at 8:51 PM, Andrew Sullivan <[email protected]> wrote: > > > If the resolver "has a local zone for alt" -- I think this means it is > > > authoritative for that zone -- why would it ask the root about it at > > > all? > > > > As long as the stub resolver isn't validating, it's no problem. If it is > > validating, t > hen the recursive resolver can't fool the stub resolver if there's a secure > denial of ex > istence. > > > > Right, that's always been the problem with using this _for the DNS_. > Homenet has no choice in that, because the whole point of the homenet > name is precisely to enable in-homenet DNS without reference to the > global DNS. I think you're quite correct that we need to decide > whether alt is to be used for those purposes. I'm not convinced > that's so useful.
It's a problem for ALL special names. BOGUS / SERVFAIL isn't the response leaked names should get. Its bad engineering. > A > > -- > Andrew Sullivan > [email protected] > > _______________________________________________ > DNSOP mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dnsop -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: [email protected] _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
