Hi,

On 23. 10. 22 at 21:00, David Conrad wrote:

> The root of the DNS is a commons, supported by volunteers who are paying out of their own pocket to provision a global infrastructure. I’m personally not comfortable recommending techniques that can add undefined (could be minimal, might not be: no one knows for sure) load to that infrastructure.

Well, the modern and well-configured resolvers will protect Root servers by employing Aggressive Negative Caching or Root Zone Prefetch (and eventually Query Name Minimisation for the sake of querier's privacy); outdated and broken resolvers will keep bombing the root's auths with junk queries even if we declare they MUST NOT. As a consequence, those arguments for this "MUST NOT" are moot.

I personally don't like any suggestions that recursive and/or authoritative server software has some hard-wired handling of special TLDs. Especially (but not limited to!) RFC7686 (.onion), which requires even non-root auth servers to answer NXDOMAIN for names out of their configured bailiwicks (which is being ignored by auth software vendors AFAIK).

Libor

_______________________________________________
DNSOP mailing list
https://www.ietf.org/mailman/listinfo/dnsop