An unbounded number of AS112 operators, not an inbound number. I apologise to all present for sending mail to dnsop from a phone without taking more time to check for autocorrect lunacy.
On Nov 12, 2017, at 11:26, Joe Abley <jab...@hopcount.ca> wrote: On Nov 12, 2017, at 10:51, Kim Davies <kim.dav...@icann.org> wrote: We haven't studied what would be involved, but I feel confident in predicting the whole exercise would be non-trivial. It seems to me that you could implement this using lawyers as easily as you could using developers; it is after all arguably a static change in procedure that doesn't need to be especially repeatable. If the root zone maintainer is contracted to include a record, surely the record will be included. However, I think the more general idea that queries for internal names should be leaked towards unknown AS112 operators is problematic. As an end-user I would prefer my leaked queries to be jealously hoarded by one of twelve root server operators than an inbound number of anonymous and potentially ephemeral AS112 operators. The potential for complete data collection at the root servers goes down as resolvers implement aggressive NSEC caching. In the case of a delegation or redirection, that potential is reduced since the non-existence of individual names under internal is then the thing that is cached, not the non-existence of the right-most label in the namespace. Joe
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop