Hi Warren
I didn't read the whole thing, but quickly browsed it. I will follow up
with a better review, but here's one point:
> 2. Additional records MUST only be served over TCP connections.
> This is to mitigate Denial of Service reflection attacks.[1]
I think this draft should not co
Hi all,
This document may contain much that makes folk grumpy.
It proposes allowing an authoritative nameserver to return additional
information (surprisingly, in the Additional section), and have
recursives trust it (because it is DNSSEC signed). This makes
responses larger, and so we propose an
