This looks good. I think that this is better than AS112—we'll do some A/AAAA queries to root, but presumably these will be negative cached so it won't be a huge load? I like that this provides a way to establish a trust anchor for internal domains, although I haven't reasoned through whether this would currently work with existing validators.
If this really is better, then we should consider also updating RFC6303, RFC8375 and RFC9665, and also adding a similar delegation for .local. RFC6762 doesn't address this at all. > On 17 Jun 2025, at 17:44, Joe Abley <[email protected]> > wrote: > > Hi all, > > Warren, Wes and I put our respective heads together in Prague and came up > with this: > > https://datatracker.ietf.org/doc/draft-jabley-dnsop-zone-cut-to-nowhere/ > > This is some general advice for how to delegate a domain to another namespace. > > This document proposes a standard mechanism that is potentially applicable, > we think, to the .INTERNAL situation that was discussed at some length a > while ago (and in a couple of messages today) but also includes other > examples of when it could and should not be used. > > This document doesn't direct the IANA to do anything, to avoid the policy > conversation that implies, but if it achieved consensus it would provide a > standard mechanism that IANA could reasonably choose to use. > > <clickbait type="wes/science">Wes was still madly typing into a half-closed > laptop as I left to board a flight and the document only contains references > to his science to follow, not the actual science. If this sounds intriguing, > review the document to learn more. </clickbait> > > <clickbait type="warren/kittens">There are kittens.</clickbait> > > > Joe > _______________________________________________ > DNSOP mailing list -- [email protected] > To unsubscribe send an email to [email protected] _______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
