On 16/12/2015, at 1:31 AM, "Timothe Litt via RT" wrote: > > Tue Dec 15 14:31:56 2015: Request 41298 was acted upon. > Transaction: Ticket created by litt@acm.org > Queue: bind9 > Subject: Special use zone handling > Owner: Nobody > Requestors: litt@acm.org > Status: new > Ticket > ----------------------------------------------------------------------- > > Currently bind supports automatic empty zones (only) for reverse address > zones in private IPv4 and reserved IPv6 spaces. It doesn't do other > special-use zone handling specified in several RFCs. > > http://www.iana.org/assignments/special-use-domain-names/special-use-domain-names.xhtml > > The other "special-use" zones (as of today) are: > > example. > example.com. > example.net. > example.org. > invalid. > local. > localhost. > onion. > test. > > It seems to me that most of the missing special handling can be > implemented by adding automatic empty zones. Actually they can't for the names in the root zone. Queries for these names that make it to the DNS still need to have negative responses that can be handed to a validator and not get bogus out the other end. The automatic empty zones do not achieve that. The simplest way to not send traffic to the root servers is to slave the root zone. This doesn't help with example.{com.net,org}. Mark