
[discussion] strict RFC 8020: There Really Is Nothing Underneath

Open pspacek opened this issue 5 years ago • 1 comments

Specification: https://tools.ietf.org/html/rfc8020

Expected advantage: Better cache efficiency and resource consumption for operators, better latency for end users. Better protection against some dumb types of random subdomain attacks.

Expected disadvantage: See https://tools.ietf.org/html/rfc8020#section-5 and https://tools.ietf.org/html/rfc8020#section-7 . It might not be a good idea for unsigned zones.

Expected implementation complexity for software developers: Medium?

Expected non-compliance: ? TBD, same as for #86

Research to confirm assumptions: TBD, similar to #86

Apr 29 '19 06:04 pspacek

This is my vote. Remove the hacks for qname minimization and start doing aggressive NXDOMAIN pruning. As noted in the intro comment this is essentially the same as #86, and I'd personally consider them all to be the same issue.

May 12 '19 09:05 vttale
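
Added example, not part of the issue thread and not taken from any resolver's code: a minimal negative cache that applies the RFC 8020 rule, showing why a cached NXDOMAIN absorbs random-subdomain queries beneath it and why the unsigned-zone concern matters. All names (`NxdomainCutCache`, `validated_only`, `constructed_upstream`, the `example.test` zone) are hypothetical, and the stub authority is assumed to report the shallowest missing name, as a QNAME-minimising resolver would learn it.

```python
import time

def labels(name):
    """Split a DNS name into lowercase labels; the root is the empty tuple."""
    name = name.rstrip(".").lower()
    return tuple(name.split(".")) if name else ()

class NxdomainCutCache:
    """Negative cache where an NXDOMAIN for a name covers everything beneath it."""
    def __init__(self, validated_only=True, clock=time.monotonic):
        self.validated_only = validated_only  # assumption: policy switch, not from the page
        self.clock = clock
        self.cuts = {}  # label tuple of the denied name -> expiry time

    def store_nxdomain(self, denied_name, ttl, dnssec_validated):
        # Unsigned answers can be forged; one fake NXDOMAIN would hide a whole subtree.
        if self.validated_only and not dnssec_validated:
            return False
        self.cuts[labels(denied_name)] = self.clock() + ttl
        return True

    def covering_cut(self, qname):
        """Return the cached non-existent ancestor (or qname itself), else None."""
        parts, now = labels(qname), self.clock()
        for i in range(len(parts) - 1, -1, -1):  # shortest ancestor first
            expiry = self.cuts.get(parts[i:])
            if expiry is not None and expiry > now:
                return ".".join(parts[i:]) + "."
            self.cuts.pop(parts[i:], None)  # drop an expired entry, if any
        return None

EXISTING = {("test",), ("example", "test")}  # constructed zone contents

def constructed_upstream(qname, validated=True):
    """Stub authority: reports the shallowest missing name.
    Returns (denied_name, ttl, dnssec_validated), or None if the name exists."""
    parts = labels(qname)
    for i in range(len(parts) - 1, -1, -1):
        if parts[i:] not in EXISTING:
            return ".".join(parts[i:]) + ".", 300, validated
    return None

def upstream_queries(cache, qnames, upstream=constructed_upstream):
    """Count how many of qnames the cache could not answer on its own."""
    sent = 0
    for qname in qnames:
        if cache.covering_cut(qname) is None:
            sent += 1
            answer = upstream(qname)
            if answer is not None:
                cache.store_nxdomain(*answer)
    return sent
```

Matching is done on whole labels, so a cut at `gone.example.test.` does not cover `notgone.example.test.`.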