Stephane Bortzmeyer <bortzme...@nic.fr> wrote: > Mark Andrews <ma...@isc.org> wrote: > > Ted Lemon <mel...@fugue.com> wrote: > > > > > > If it has proof of non-existence for .alt cached, it doesn't need > > > to ask any further questions to deny the existence of any > > > subdomain of .alt. > > > > Which assumes agggressive negative caching. > > If by "aggressive negative caching", you mean > draft-ietf-dnsop-nsec-aggressiveuse, then I disagree with you: it is > *not* necessary (since the name is the same), you just need RFC 8020 > support.
For RFC 8020 to suppress these .alt leaked queries properly, you also need qname minimization. Tony. -- f.anthony.n.finch <d...@dotat.at> http://dotat.at/ - I xn--zr8h punycode Fisher: East 5 to 7, occasionally gale 8 at first. Moderate or rough. Snow showers. Moderate or good, occasionally very poor. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop