On the other hand, might there be value in seeing how much errant traffic goes to the root so it can be reported and used to inform vendors, network architects, network administrators, et al?
Given the amount of bogus traffic already goes to the root, I’m not immediately worried this will increase the traffic level to a point of concern. And I remain puzzled as to why a simple NXDOMAIN response from the root isn’t exactly the right thing and why it matters whether it’s signed or not. Steve > On Mar 30, 2017, at 2:05 PM, Paul Vixie <p...@redbarn.org> wrote: > > On Thursday, March 30, 2017 5:54:50 PM GMT Brian Dickson wrote: >> Mark, >> >> When I say, "never reaches the roots", this is what I mean: >> Resolution of "example.<homenet-label>" is, by design, intercepted by >> homenet resolvers, and never reaches the outside world. >> Do you concur with this statement? >> >> ... > > i'm not mark, but i'd like to speak on a related topic. > > by design, queries that result in RFC 1918 addresses, and queries for RFC > 1918 > PTR names, were to be intercepted by local resolvers. > > let me know if you can't access DNS-OARC's DITL archives, which will show you > how prominent both kinds those queries loom in actual root name service load. > > i predict that foo.bar.<homenetlabel> will do likewise, whatever its design. > this is the one saving grace in asking for a real root zone delegation: we > can > add an NS pointing to localhost, and try to get subsequent queries to go to > heck rather than to the root servers. > > vixie > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
