About the DDoS risk, we should not worry so much, because this scheme is 
controlled/triggered by the recursive server (with a flag as NN bit).
In other words, the recursive server can get the piggybacked multiple responses 
only when it wants, and of course it can disable this model anytime.


Another scenario to illustrate this proposal is under the DANE case:
A client wants to visit www.example.com.
But this domain name supports DANE and the TLSA record is configured under the 
domain name: _443._tcp.www.example.com.
The client has to query the two names separately.
Yes, it is just one more TTL, but why not do the optimization with a 
steerable method?


Zhiwei Yan
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop