On Feb 3, 2017, at 4:09 PM, Mark Andrews <ma...@isc.org> wrote: > You need a insecure delegation for ALT for the purposes we want to > use ALT for.
I don't think there's consensus on what we want to use ALT for. I see Ralph arguing that ALT is never used to resolve things using the DNS protocol, and I see you saying that that's one of the uses we have in mind. We need to figure out which of these we are actually trying to do. If you are right, we need an insecure delegation in the root, and ALT queries will by default be answered using DNS (in the sense that existing resolvers have no special-case handling for ALT). If Ralph is right, you can still use the DNS protocol to resolve names in .ALT, but you have to use a specially modified resolver to do it: one that ignores the secure denial of existence from the root.
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop