Stephane Bortzmeyer <[email protected]> wrote:
> Mark Andrews <[email protected]> wrote:
> > Ted Lemon <[email protected]> wrote:
> > >
> > > If it has proof of non-existence for .alt cached, it doesn't need
> > > to ask any further questions to deny the existence of any
> > > subdomain of .alt.
> >
> > Which assumes aggressive negative caching.
>
> If by "aggressive negative caching", you mean
> draft-ietf-dnsop-nsec-aggressiveuse, then I disagree with you: it is
> *not* necessary (since the name is the same), you just need RFC 8020
> support.

For RFC 8020 to suppress these .alt leaked queries properly, you also need
qname minimization.

Tony.
-- 
f.anthony.n.finch <[email protected]> http://dotat.at/ - I xn--zr8h punycode
Fisher: East 5 to 7, occasionally gale 8 at first. Moderate or rough. Snow
showers. Moderate or good, occasionally very poor.
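
The interaction discussed in this thread, as an added example that is not part of the original message: a simplified model of a caching resolver applying the RFC 8020 NXDOMAIN cut, with and without QNAME minimisation, recording which names reach the root. The `Resolver` class, the TLD set and the query names are constructed for illustration, and the model assumes the NXDOMAIN is cached at the name that was asked (no NSEC-based synthesis).

```python
# Toy model: a root zone that lacks .alt, and a caching resolver that
# applies the RFC 8020 NXDOMAIN cut. All names here are constructed.
ROOT_TLDS = {"com", "org", "net"}   # constructed sample of delegated TLDs


def root_answer(qname):
    """Return 'NXDOMAIN' if the TLD of qname is not delegated, else 'REFERRAL'."""
    tld = qname.rstrip(".").split(".")[-1]
    return "REFERRAL" if tld in ROOT_TLDS else "NXDOMAIN"


class Resolver:
    def __init__(self, qname_minimisation):
        self.qmin = qname_minimisation
        self.nxdomain = set()       # names cached as non-existent
        self.sent_to_root = []      # every qname that reached the root

    def _denied_by_cache(self, qname):
        # RFC 8020: NXDOMAIN for a name also denies every name beneath it.
        labels = qname.split(".")
        return any(".".join(labels[i:]) in self.nxdomain
                   for i in range(len(labels)))

    def resolve(self, qname):
        qname = qname.rstrip(".").lower()
        if self._denied_by_cache(qname):
            return "NXDOMAIN"
        # With minimisation the root only ever sees the TLD label.
        asked = qname.split(".")[-1] if self.qmin else qname
        self.sent_to_root.append(asked)
        rcode = root_answer(asked)
        if rcode == "NXDOMAIN":
            self.nxdomain.add(asked)  # cached at the name that was asked
        return rcode                  # referral chasing omitted in this model


def leaked(qmin, queries):
    """Run the queries through a fresh resolver; return what the root saw."""
    r = Resolver(qmin)
    for q in queries:
        r.resolve(q)
    return r.sent_to_root


QUERIES = ["a.one.alt", "b.two.alt", "c.a.one.alt", "d.three.alt"]  # constructed
if __name__ == "__main__":
    print("without qmin:", leaked(False, QUERIES))
    print("with qmin:   ", leaked(True, QUERIES))
```

Without minimisation the cut only covers names beneath each full name already asked, so unrelated `.alt` names keep reaching the root; with it, the single cached NXDOMAIN for `alt` covers them all.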
