Rob,

On Oct 22, 2022, at 5:11 AM, Rob Wilton (rwilton) <rwil...@cisco.com> wrote:
> If this was a MUST NOT, then at the point that the RFC is published, would
> that not mean that all DNS stub (and maybe recursive) resolvers immediately
> become non-compliant with the new standard?

The draft says “Informational”. It is (maybe) recommending the partitioning of the domain name namespace, explicitly creating a sub-space that is for non-DNS use. It makes no sense to me to then pretend it’s “just fine” to issue DNS queries in that sub-namespace.

> My interpretation of Paul's comment is that nothing bad happens if a client
> does attempt to resolve .alt names in the DNS because they will just fail in
> the same way as any other domain that doesn't exist in the DNS, and that is
> okay.

But it is not OK. Yes, the root servers are surely provisioned to handle the additional load the use of .alt might create, but it adds to the useless noise — why would the IETF encourage this? Worse, it exposes .alt traffic to potential eavesdroppers. I’m confused why the IETF would publish an informational document that says both of those are not protocol violations.

> Possibly, the draft could have some text that allows stub resolvers to filter
> out DNS requests for .alt names if they wish.

The point is that DNS resolvers of any kind are explicitly not supposed to see .alt queries — .alt is NOT a DNS namespace. If they do (and they obviously will), something is broken and should be fixed.

Regards,
-drc
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop