In message <20170210015725.bf777636c...@rock.dv.isc.org>, Mark Andrews writes: > > In message <653a3403-dfc8-491a-b083-7873d1886...@fugue.com>, Ted Lemon writes: > > > > On Feb 9, 2017, at 7:48 PM, Mark Andrews <ma...@isc.org> wrote: > > > 1) there is too much brokeness out there that returns NXDOMAIN instead > > > of a NODATA for a ENT. > > > > So you're saying that a root nameserver is going to return an incorrect > > result? And what does this have to do with intelligent trees? > > I'm developing software that will be run on private internets with > various degrees of compentence from the adminitrators as well as > the public Internet. That private internet may have a ENT for ALT > that returns NXDOMAIN. The server has to work in that environment. > > So NXDOMAIN doesn't stop the query. > > Even with everything working properly QNAME minimisation DOES NOT > STOP THE QUERIES. > > RFC 4035 + RFC 7816 -> leaks (synthesis of negative answers is banned by RFC > 4035) > RFC 4035 + RFC 7816 + ANC supported by the code w/o validation -> leaks > RFC 4035 + RFC 7816 + ANC supported by the code + validation -> no leaks
And to complete the table RFC 4035 + ANC supported by the code + validation -> leaks (no queries for alt) > Mark > -- > Mark Andrews, ISC > 1 Seymour St., Dundas Valley, NSW 2117, Australia > PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
