On Aug 18, 2021, at 15:29, Brian Dickson <brian.peter.dick...@gmail.com> wrote:
> I'd be interested in pointers if consolidation by authority operators is a
> privacy concern. Authority operators only see traffic from resolvers, not
> from end users, and all of the data served is by definition public.

This is a bit of a tangent, but I think it's reasonable to say that it's not the public nature of the data being sent in responses that is the concern, it's the existence of any particular query and the data derived from that query's existence.

For example, Dave Dagon gave a good summary some years ago now about the disturbing number of resolvers that happily send host addresses in EDNS(0) client-subnet options to authoritative servers. I haven't seen current numbers, but I think it's perhaps reasonable to be open to the idea that authority servers acquire data from queries that identifies individuals, even if only in a minority of queries or if combined with some other dataset that maps personal identities to addresses.

The trick here is to be clear about what threat we are trying to mitigate so that we can understand the cost and the benefit, who should be able to choose to accept the cost and who benefits.

I have not been able to keep up with the thread I'm replying to in all its glory since I don't have enough hours in the day to dedicate to dnsop, but I think perhaps that this particular fragment of the discussion needs to distinguish between what nameservers are called and who runs them.

Namespace consolidation intended to promote opportunities to return useful glue with responses and reduce the need to requery is not the same as one operator serving a large number of zones. A nameserver responding on a single address can be known by many names.

Joe

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop