In message <ffafd844-824c-44ea-a4b1-1ad28b4fe...@fugue.com>, Ted Lemon writes: > > On Feb 8, 2017, at 12:25 AM, Mark Andrews <ma...@isc.org> wrote: > > And how does the server get the proof of non-existence? It needs > > to leak a query. > > If it has proof of non-existence for .alt cached, it doesn't need to ask > any further questions to deny the existence of any subdomain of .alt.
Which assumes agggressive negative caching. I'm going to make a realistic assumption that it will take 10+ years for there to be meaningful (>50%) deployment of aggressive negative caching. > Leaking a query to .alt is harmless. Is it? What reports are we going to see over the next 20 year of DITL data on *.alt. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop