In message <[email protected]>, Mark Andrews writes: > > In message <[email protected]>, Ted Lemon writes: > > > > On Feb 9, 2017, at 7:48 PM, Mark Andrews <[email protected]> wrote: > > > 1) there is too much brokeness out there that returns NXDOMAIN instead > > > of a NODATA for a ENT. > > > > So you're saying that a root nameserver is going to return an incorrect > > result? And what does this have to do with intelligent trees? > > I'm developing software that will be run on private internets with > various degrees of compentence from the adminitrators as well as > the public Internet. That private internet may have a ENT for ALT > that returns NXDOMAIN. The server has to work in that environment. > > So NXDOMAIN doesn't stop the query. > > Even with everything working properly QNAME minimisation DOES NOT > STOP THE QUERIES. > > RFC 4035 + RFC 7816 -> leaks (synthesis of negative answers is banned by RFC > 4035) > RFC 4035 + RFC 7816 + ANC supported by the code w/o validation -> leaks > RFC 4035 + RFC 7816 + ANC supported by the code + validation -> no leaks
And to complete the table RFC 4035 + ANC supported by the code + validation -> leaks (no queries for alt) > Mark > -- > Mark Andrews, ISC > 1 Seymour St., Dundas Valley, NSW 2117, Australia > PHONE: +61 2 9871 4742 INTERNET: [email protected] > > _______________________________________________ > DNSOP mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dnsop -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: [email protected] _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
