Hi Paul, On 17 Jun 2025, at 19:00, Paul Hoffman <[email protected]> wrote:
> This is a good idea, but I am wary of the implementation. Have the authors > done any testing on what will happen with resolvers that are not aware of the > new semantics? We have paged the Science Officer. I understand Wes is in the process of reporting to the bridge. > I ask because I can imagine that some resolvers, when seeing the delegation > to "." would then pound mercilessly on the root servers. Maybe a different > target for the nowheres would cause less damage from resolvers that don't > know the new protocol? That seems like a possibility. We have some established practice with MX, SRV and SVCB using the empty name and the sky has not yet fallen. In a different conversation we looked for examples of empty SOA.MNAME and we saw measurable numbers of those too. We did some ad-hoc experiments with particular names delegated to . from live domains and didn't manage to crash the Internet, but I would not call that conclusive. Delegating to a name that can't be resolved happens all the time, and given the volume of junk A queries that arrive at the root servers on a normal day the general reaction of the system to NS targets that can't be resolved is clearly not much of a problem. I agree that it's possible that some software I don't know about special-cases the empty name. I definitively don't know what I don't know. Using "." to mean "not available" has some history and it feels nice not to deviate; also I'm not sure what other name we could use that would not cause different headaches. But I agree choosing a different special target just for this would conceptually be some kind of solution if it turns out there is a problem. Joe _______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
