idnits 2.17.1 draft-bortzmeyer-rfc7816bis-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) ** The abstract seems to contain references ([RFC7816], [1]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. == There are 9 instances of lines with non-RFC2606-compliant FQDNs in the document. -- The document has examples using IPv4 documentation addresses according to RFC6890, but does not use any IPv6 documentation addresses. Maybe there should be IPv6 examples, too? -- The draft header indicates that this document obsoletes RFC7816, but the abstract doesn't seem to directly say this. It does mention RFC7816 though, so this could be OK. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (July 17, 2018) is 2109 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Looks like a reference, but probably isn't: '1' on line 458 ** Downref: Normative reference to an Informational RFC: RFC 6973 == Outdated reference: A later version (-03) exists of draft-wkumari-dnsop-hammer-01 == Outdated reference: A later version (-02) exists of draft-bortzmeyer-dprive-rfc7626-bis-01 == Outdated reference: A later version (-14) exists of draft-ietf-dnsop-terminology-bis-11 -- Obsolete informational reference (is this intentional?): RFC 7816 (Obsoleted by RFC 9156) Summary: 3 errors (**), 0 flaws (~~), 5 warnings (==), 5 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group S. Bortzmeyer 3 Internet-Draft AFNIC 4 Obsoletes: 7816 (if approved) P. Hoffman 5 Intended status: Standards Track ICANN 6 Expires: January 18, 2019 July 17, 2018 8 DNS Query Name Minimisation to Improve Privacy 9 draft-bortzmeyer-rfc7816bis-00 11 Abstract 13 This document describes a technique to improve DNS privacy, a 14 technique called "QNAME minimisation", where the DNS resolver no 15 longer sends the full original QNAME to the upstream name server. 17 RFC EDITOR: PLEASE REMOVE BEFORE PUBLICATION. The original [RFC7816] 18 had the experimental status. This document is intended for the 19 standards track. It should be discussed in the IETF DNSOP (DNS 20 Operations) Working Group, through its mailing list. The source of 21 the document, as well as a list of open issues, is currently kept at 22 Framagit [1]. 24 Status of This Memo 26 This Internet-Draft is submitted in full conformance with the 27 provisions of BCP 78 and BCP 79. 29 Internet-Drafts are working documents of the Internet Engineering 30 Task Force (IETF). Note that other groups may also distribute 31 working documents as Internet-Drafts. The list of current Internet- 32 Drafts is at http://datatracker.ietf.org/drafts/current/. 34 Internet-Drafts are draft documents valid for a maximum of six months 35 and may be updated, replaced, or obsoleted by other documents at any 36 time. It is inappropriate to use Internet-Drafts as reference 37 material or to cite them other than as "work in progress." 39 This Internet-Draft will expire on January 18, 2019. 41 Copyright Notice 43 Copyright (c) 2018 IETF Trust and the persons identified as the 44 document authors. All rights reserved. 46 This document is subject to BCP 78 and the IETF Trust's Legal 47 Provisions Relating to IETF Documents 48 (http://trustee.ietf.org/license-info) in effect on the date of 49 publication of this document. Please review these documents 50 carefully, as they describe your rights and restrictions with respect 51 to this document. Code Components extracted from this document must 52 include Simplified BSD License text as described in Section 4.e of 53 the Trust Legal Provisions and are provided without warranty as 54 described in the Simplified BSD License. 56 Table of Contents 58 1. Introduction and Background . . . . . . . . . . . . . . . . . 2 59 2. QNAME Minimisation . . . . . . . . . . . . . . . . . . . . . 3 60 3. Possible Issues . . . . . . . . . . . . . . . . . . . . . . . 4 61 4. Protocol and Compatibility Discussion . . . . . . . . . . . . 6 62 5. Operational Considerations . . . . . . . . . . . . . . . . . 6 63 6. Performance Considerations . . . . . . . . . . . . . . . . . 7 64 7. Results of the Experimentation . . . . . . . . . . . . . . . 7 65 8. Security Considerations . . . . . . . . . . . . . . . . . . . 8 66 9. Implementation status - RFC EDITOR: PLEASE REMOVE BEFORE 67 PUBLICATION . . . . . . . . . . . . . . . . . . . . . . . . . 8 68 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 9 69 10.1. Normative References . . . . . . . . . . . . . . . . . . 9 70 10.2. Informative References . . . . . . . . . . . . . . . . . 9 71 10.3. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 10 72 Appendix A. An Algorithm to Perform QNAME Minimisation . . . . . 10 73 Appendix B. Alternatives . . . . . . . . . . . . . . . . . . . . 11 74 Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 12 75 Changes from RFC 7816 . . . . . . . . . . . . . . . . . . . . . . 12 76 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 12 78 1. Introduction and Background 80 The problem statement is described in 81 [I-D.bortzmeyer-dprive-rfc7626-bis]. The terminology ("QNAME", 82 "resolver", etc.) is defined in [I-D.ietf-dnsop-terminology-bis]. 83 This specific solution is not intended to fully solve the DNS privacy 84 problem; instead, it should be viewed as one tool amongst many. 86 QNAME minimisation follows the principle explained in Section 6.1 of 87 [RFC6973]: the less data you send out, the fewer privacy problems 88 you have. 90 Before QNAME minimisation, when a resolver received the query "What 91 is the AAAA record for www.example.com?", it sent to the root 92 (assuming a cold resolver, whose cache is empty) the very same 93 question. Sending the full QNAME to the authoritative name server 94 was a tradition, not a protocol requirement. In a conversation with 95 the author in January 2015, Paul Mockapetris explained that this 96 tradition comes from a desire to optimise the number of requests, 97 when the same name server is authoritative for many zones in a given 98 name (something that was more common in the old days, where the same 99 name servers served .com and the root) or when the same name server 100 is both recursive and authoritative (something that is strongly 101 discouraged now). Whatever the merits of this choice at this time, 102 the DNS is quite different now. 104 2. QNAME Minimisation 106 The idea is to minimise the amount of data sent from the DNS resolver 107 to the authoritative name server. In the example in the previous 108 section, sending "What are the NS records for .com?" would have been 109 sufficient (since it will be the answer from the root anyway). The 110 rest of this section describes the recommended way to do QNAME 111 minimisation -- the way that maximises privacy benefits (other 112 alternatives are discussed in the appendices). 114 Instead of sending the full QNAME and the original QTYPE upstream, a 115 resolver that implements QNAME minimisation and does not already have 116 the answer in its cache sends a request to the name server 117 authoritative for the closest known ancestor of the original QNAME. 118 The request is done with: 120 o the QTYPE NS 122 o the QNAME that is the original QNAME, stripped to just one label 123 more than the zone for which the server is authoritative 125 For example, a resolver receives a request to resolve 126 foo.bar.baz.example. Let's assume that it already knows that 127 ns1.nic.example is authoritative for .example and the resolver does 128 not know a more specific authoritative name server. It will send the 129 query QTYPE=NS,QNAME=baz.example to ns1.nic.example. 131 The minimising resolver works perfectly when it knows the zone cut 132 (zone cuts are described in Section 6 of [RFC2181]). But zone cuts 133 do not necessarily exist at every label boundary. If we take the 134 name www.foo.bar.example, it is possible that there is a zone cut 135 between "foo" and "bar" but not between "bar" and "example". So, 136 assuming that the resolver already knows the name servers of 137 .example, when it receives the query "What is the AAAA record of 138 www.foo.bar.example?", it does not always know where the zone cut 139 will be. To find the zone cut, it will query the .example 140 name servers for the NS records for bar.example. It will get a 141 NODATA response, indicating that there is no zone cut at that point, 142 so it has to query the .example name servers again with one more 143 label, and so on. (Appendix A describes this algorithm in deeper 144 detail.) 145 Here are more detailed examples of queries with QNAME minimisation: 147 www.isc.org, cold cache, aggressive algorithm: 149 QTYPE QNAME TARGET NOTE 150 NS org root nameserver 151 NS isc.org Afilias nameserver 152 NS www.isc.org ISC nameserver "www" may be delegated 153 A www.isc.org ISC nameserver 155 www.isc.org, cold cache, lazy algorithm (for a cold cache, it is the 156 same algorithm as now): 158 QTYPE QNAME TARGET NOTE 159 A www.isc.org root nameserver 160 A www.isc.org Afilias nameserver 161 A www.isc.org ISC nameserver 163 www.isc.org, warm cache (all NS RRsets are known), both algorithms: 165 QTYPE QNAME TARGET NOTE 166 A www.isc.org ISC nameserver 168 www.example.org, warm cache (but for isc.org only, example.org's 169 NS RRset is not known), aggressive algorithm 171 QTYPE QNAME TARGET NOTE 172 NS example.org Afilias nameserver 173 NS www.example.org Example nameserver 174 A www.example.org Example nameserver 176 Since the information about the zone cuts will be stored in the 177 resolver's cache, the performance cost is probably reasonable. 178 Section 6 discusses this performance discrepancy further. 180 Note that DNSSEC-validating resolvers already have access to this 181 information, since they have to know the zone cut (the DNSKEY record 182 set is just below; the DS record set is just above). 184 3. Possible Issues 186 TODO may be remove the whole section now that it is no longer 187 experimental? 189 QNAME minimisation is legal, since the original DNS RFCs do not 190 mandate sending the full QNAME. So, in theory, it should work 191 without any problems. However, in practice, some problems may occur 192 (see [Huque-QNAME-Min] for an analysis and [Huque-QNAME-storify] for 193 an interesting discussion on this topic). 195 Some broken name servers do not react properly to QTYPE=NS requests. 196 For instance, some authoritative name servers embedded in load 197 balancers reply properly to A queries but send REFUSED to NS queries. 198 This behaviour is a protocol violation, and there is no need to stop 199 improving the DNS because of such behaviour. However, QNAME 200 minimisation may still work with such domains, since they are only 201 leaf domains (no need to send them NS requests). Such a setup breaks 202 more than just QNAME minimisation. It breaks negative answers, since 203 the servers don't return the correct SOA, and it also breaks anything 204 dependent upon NS and SOA records existing at the top of the zone. 206 Another way to deal with such incorrect name servers would be to try 207 with QTYPE=A requests (A being chosen because it is the most common 208 and hence a QTYPE that will always be accepted, while a QTYPE NS may 209 ruffle the feathers of some middleboxes). Instead of querying 210 name servers with a query "NS example.com", we could use 211 "A _.example.com" and see if we get a referral. TODO this is what 212 Unbound does 214 A problem can also appear when a name server does not react properly 215 to ENTs (Empty Non-Terminals). If ent.example.com has no resource 216 records but foobar.ent.example.com does, then ent.example.com is an 217 ENT. Whatever the QTYPE, a query for ent.example.com must return 218 NODATA (NOERROR / ANSWER: 0). However, some name servers incorrectly 219 return NXDOMAIN for ENTs. If a resolver queries only 220 foobar.ent.example.com, everything will be OK, but if it implements 221 QNAME minimisation, it may query ent.example.com and get an NXDOMAIN. 222 See also Section 3 of [DNS-Res-Improve] for the other bad 223 consequences of this bad behaviour. 225 A possible solution, currently implemented in Knot or Unbound, is to 226 retry with the full query when you receive an NXDOMAIN. It works, 227 but it is not ideal for privacy. 229 Other practices that do not conform to the DNS protocol standards may 230 pose a problem: there is a common DNS trick used by some web hosters 231 that also do DNS hosting that exploits the fact that the DNS protocol 232 (pre-DNSSEC) allows certain serious misconfigurations, such as parent 233 and child zones disagreeing on the location of a zone cut. 234 Basically, they have a single zone with wildcards for each TLD, like: 236 *.example. 60 IN A 192.0.2.6 238 (They could just wildcard all of "*.", which would be sufficient. We 239 don't know why they don't do it.) 240 This lets them have many web-hosting customers without having to 241 configure thousands of individual zones on their name servers. They 242 just tell the prospective customer to point their NS records at the 243 hoster's name servers, and the web hoster doesn't have to provision 244 anything in order to make the customer's domain resolve. NS queries 245 to the hoster will therefore not give the right result, which may 246 endanger QNAME minimisation (it will be a problem for DNSSEC, too). 248 4. Protocol and Compatibility Discussion 250 QNAME minimisation is compatible with the current DNS system and 251 therefore can easily be deployed; since it is a unilateral change to 252 the resolver, it does not change the protocol. (Because it is a 253 unilateral change, resolver implementers may do QNAME minimisation in 254 slightly different ways; see the appendices for examples.) 256 One should note that the behaviour suggested here (minimising the 257 amount of data sent in QNAMEs from the resolver) is NOT forbidden by 258 Section 5.3.3 of [RFC1034] or Section 7.2 of [RFC1035]. As stated in 259 Section 1, the current method, sending the full QNAME, is not 260 mandated by the DNS protocol. 262 One may notice that many documents that explain the DNS and that are 263 intended for a wide audience incorrectly describe the resolution 264 process as using QNAME minimisation (e.g., by showing a request going 265 to the root, with just the TLD in the query). As a result, these 266 documents may confuse readers that use them for privacy analysis. 268 5. Operational Considerations 270 TODO what to do if the resolver forwards? Unbound disables QNAME 271 minimisation in that case, since the forwarder will see everything, 272 anyway. What should a minimising resolver do when forwading the 273 request to a forwarder, not to an authoritative name server? Send 274 the full qname? Minimises? (But how since we do not know the zone 275 cut?) 277 The administrators of the forwarders, and of the authoritative 278 name servers, will get less data, which will reduce the utility of 279 the statistics they can produce (such as the percentage of the 280 various QTYPEs). 282 DNS administrators are reminded that the data on DNS requests that 283 they store may have legal consequences, depending on your 284 jurisdiction (check with your local lawyer). 286 6. Performance Considerations 288 The main goal of QNAME minimisation is to improve privacy by sending 289 less data. However, it may have other advantages. For instance, if 290 a root name server receives a query from some resolver for A.example 291 followed by B.example followed by C.example, the result will be three 292 NXDOMAINs, since .example does not exist in the root zone. Under 293 query name minimisation, the root name servers would hear only one 294 question (for .example itself) to which they could answer NXDOMAIN, 295 thus opening up a negative caching opportunity in which the full 296 resolver could know a priori that neither B.example nor C.example 297 could exist. Thus, in this common case the total number of upstream 298 queries under QNAME minimisation would be counterintuitively less 299 than the number of queries under the traditional iteration (as 300 described in the DNS standard). TODO mention [RFC8020]? 302 QNAME minimisation may also improve lookup performance for TLD 303 operators. For a typical TLD, delegation-only, and with delegations 304 just under the TLD, a two-label QNAME query is optimal for finding 305 the delegation owner name. 307 QNAME minimisation can decrease performance in some cases -- for 308 instance, for a deep domain name (like 309 www.host.group.department.example.com, where 310 host.group.department.example.com is hosted on example.com's 311 name servers). Let's assume a resolver that knows only the 312 name servers of example.com. Without QNAME minimisation, it would 313 send these example.com name servers a query for 314 www.host.group.department.example.com and immediately get a specific 315 referral or an answer, without the need for more queries to probe for 316 the zone cut. For such a name, a cold resolver with QNAME 317 minimisation will, depending on how QNAME minimisation is 318 implemented, send more queries, one per label. Once the cache is 319 warm, there will be no difference with a traditional resolver. 320 Actual testing is described in [Huque-QNAME-Min]. Such deep domains 321 are especially common under ip6.arpa. 323 7. Results of the Experimentation 325 TODO various experiences from actual deployments, problems heard. 326 TODO the Knot bug #339 https://gitlab.labs.nic.cz/knot/knot-resolver/ 327 issues/339? TODO Problems with AWS https://forums.aws.amazon.com/ 328 thread.jspa?threadID=269116? 330 8. Security Considerations 332 QNAME minimisation's benefits are clear in the case where you want to 333 decrease exposure to the authoritative name server. But minimising 334 the amount of data sent also, in part, addresses the case of a wire 335 sniffer as well as the case of privacy invasion by the servers. 336 (Encryption is of course a better defense against wire sniffers, but, 337 unlike QNAME minimisation, it changes the protocol and cannot be 338 deployed unilaterally. Also, the effect of QNAME minimisation on 339 wire sniffers depends on whether the sniffer is on the DNS path.) 341 QNAME minimisation offers zero protection against the recursive 342 resolver, which still sees the full request coming from the stub 343 resolver. 345 All the alternatives mentioned in Appendix B decrease privacy in the 346 hope of improving performance. They must not be used if you want 347 maximum privacy. 349 9. Implementation status - RFC EDITOR: PLEASE REMOVE BEFORE PUBLICATION 351 This section records the status of known implementations of the 352 protocol defined by this specification at the time of posting of this 353 Internet-Draft, and is based on a proposal described in [RFC7942]. 354 The description of implementations in this section is intended to 355 assist the IETF in its decision processes in progressing drafts to 356 RFCs. Please note that the listing of any individual implementation 357 here does not imply endorsement by the IETF. Furthermore, no effort 358 has been spent to verify the information presented here that was 359 supplied by IETF contributors. This is not intended as, and must not 360 be construed to be, a catalog of available implementations or their 361 features. Readers are advised to note that other implementations may 362 exist. 364 According to [RFC7942], "this will allow reviewers and working groups 365 to assign due consideration to documents that have the benefit of 366 running code, which may serve as evidence of valuable experimentation 367 and feedback that have made the implemented protocols more mature. 368 It is up to the individual working groups to use this information as 369 they see fit". 371 Unbound has QNAME minimisation for several years, and it is now the 372 default. It has two modes, strict (no workaround for broken 373 authoritative name servers) and "lax" (retries when there is a 374 NXDOMAIN). TODO Ralph Dolmans talk at OARC https://indico.dns- 375 oarc.net/event/22/contributions/332/attachments/310/542/ 376 unbound_qnamemin_oarc24.pdf 377 Knot resolver also has QNAME minimisation since 2016, and it is 378 activated by default. 380 BIND has QNAME minimisation since BIND 9.13.2, released in july 2018. 381 Like Unbound, it has several modes, with or without workarounds for 382 broken authoritative name servers. 384 PowerDNS does not have QNAME minimisation. TODO 385 https://github.com/PowerDNS/pdns/issues/2311 387 The public DNS resolver at Cloudflare ("1.1.1.1") has QNAME 388 minimisation (it uses Knot). 390 10. References 392 10.1. Normative References 394 [RFC1034] Mockapetris, P., "Domain names - concepts and facilities", 395 STD 13, RFC 1034, DOI 10.17487/RFC1034, November 1987, 396 . 398 [RFC1035] Mockapetris, P., "Domain names - implementation and 399 specification", STD 13, RFC 1035, DOI 10.17487/RFC1035, 400 November 1987, . 402 [RFC6973] Cooper, A., Tschofenig, H., Aboba, B., Peterson, J., 403 Morris, J., Hansen, M., and R. Smith, "Privacy 404 Considerations for Internet Protocols", RFC 6973, 405 DOI 10.17487/RFC6973, July 2013, . 408 10.2. Informative References 410 [DNS-Res-Improve] 411 Vixie, P., Joffe, R., and F. Neves, "Improvements to DNS 412 Resolvers for Resiliency, Robustness, and Responsiveness", 413 Work in Progress, draft-vixie-dnsext-resimprove-00, June 414 2010. 416 [HAMMER] Kumari, W., Arends, R., Woolf, S., and D. Migault, "Highly 417 Automated Method for Maintaining Expiring Records", Work 418 in Progress, draft-wkumari-dnsop-hammer-01, July 2014. 420 [Huque-QNAME-Min] 421 Huque, S., "Query name minimization and authoritative 422 server behavior", May 2015, . 425 [Huque-QNAME-storify] 426 Huque, S., "Qname Minimization @ DNS-OARC", May 2015, 427 . 429 [I-D.bortzmeyer-dprive-rfc7626-bis] 430 Bortzmeyer, S. and S. Dickinson, "DNS Privacy 431 Considerations", draft-bortzmeyer-dprive-rfc7626-bis-01 432 (work in progress), July 2018. 434 [I-D.ietf-dnsop-terminology-bis] 435 Hoffman, P., Sullivan, A., and K. Fujiwara, "DNS 436 Terminology", draft-ietf-dnsop-terminology-bis-11 (work in 437 progress), July 2018. 439 [RFC2181] Elz, R. and R. Bush, "Clarifications to the DNS 440 Specification", RFC 2181, DOI 10.17487/RFC2181, July 1997, 441 . 443 [RFC7816] Bortzmeyer, S., "DNS Query Name Minimisation to Improve 444 Privacy", RFC 7816, DOI 10.17487/RFC7816, March 2016, 445 . 447 [RFC7942] Sheffer, Y. and A. Farrel, "Improving Awareness of Running 448 Code: The Implementation Status Section", BCP 205, 449 RFC 7942, DOI 10.17487/RFC7942, July 2016, 450 . 452 [RFC8020] Bortzmeyer, S. and S. Huque, "NXDOMAIN: There Really Is 453 Nothing Underneath", RFC 8020, DOI 10.17487/RFC8020, 454 November 2016, . 456 10.3. URIs 458 [1] https://framagit.org/bortzmeyer/rfc7816-bis 460 Appendix A. An Algorithm to Perform QNAME Minimisation 462 This algorithm performs name resolution with QNAME minimisation in 463 the presence of zone cuts that are not yet known. 465 Although a validating resolver already has the logic to find the 466 zone cuts, implementers of other resolvers may want to use this 467 algorithm to locate the cuts. This is just a possible aid for 468 implementers; it is not intended to be normative: 470 (0) If the query can be answered from the cache, do so; otherwise, 471 iterate as follows: 473 (1) Find the closest enclosing NS RRset in your cache. The owner of 474 this NS RRset will be a suffix of the QNAME -- the longest suffix 475 of any NS RRset in the cache. Call this ANCESTOR. 477 (2) Initialise CHILD to the same as ANCESTOR. 479 (3) If CHILD is the same as the QNAME, resolve the original query 480 using ANCESTOR's name servers, and finish. 482 (4) Otherwise, add a label from the QNAME to the start of CHILD. 484 (5) If you have a negative cache entry for the NS RRset at CHILD, go 485 back to step 3. 487 (6) Query for CHILD IN NS using ANCESTOR's name servers. The 488 response can be: 490 (6a) A referral. Cache the NS RRset from the authority section, 491 and go back to step 1. 493 (6b) An authoritative answer. Cache the NS RRset from the 494 answer section, and go back to step 1. 496 (6c) An NXDOMAIN answer. Return an NXDOMAIN answer in response 497 to the original query, and stop. 499 (6d) A NOERROR/NODATA answer. Cache this negative answer, and 500 go back to step 3. 502 Appendix B. Alternatives 504 Remember that QNAME minimisation is unilateral, so a resolver is not 505 forced to implement it exactly as described here. 507 There are several ways to perform QNAME minimisation. See Section 2 508 for the suggested way. It can be called the aggressive algorithm, 509 since the resolver only sends NS queries as long as it does not know 510 the zone cuts. This is the safest, from a privacy point of view. 511 Another possible algorithm, not fully studied at this time, could be 512 to "piggyback" on the traditional resolution code. At startup, it 513 sends traditional full QNAMEs and learns the zone cuts from the 514 referrals received, then switches to NS queries asking only for the 515 minimum domain name. This leaks more data but could require fewer 516 changes in the existing resolver codebase. 518 In the above specification, the original QTYPE is replaced by NS (or 519 may be A, if too many servers react incorrectly to NS requests); this 520 is the best approach to preserve privacy. But this erases 521 information about the relative use of the various QTYPEs, which may 522 be interesting for researchers (for instance, if they try to follow 523 IPv6 deployment by counting the percentage of AAAA vs. A queries). A 524 variant of QNAME minimisation would be to keep the original QTYPE. 526 Another useful optimisation may be, in the spirit of the HAMMER idea 527 [HAMMER], to probe in advance for the introduction of zone cuts where 528 none previously existed (i.e., confirm their continued absence, or 529 discover them). 531 To address the "number of queries" issue described in Section 6, a 532 possible solution is to always use the traditional algorithm when the 533 cache is cold and then to move to QNAME minimisation (precisely 534 defining what is "hot" or "cold" is left to the implementer). This 535 will decrease the privacy but will guarantee no degradation of 536 performance. 538 Acknowledgments 540 TODO (refer to 7816) 542 Changes from RFC 7816 544 Fixed errata #4644 546 Moved to standards track 548 Authors' Addresses 550 Stephane Bortzmeyer 551 AFNIC 552 1, rue Stephenson 553 Montigny-le-Bretonneux 78180 554 France 556 Phone: +33 1 39 30 83 46 557 Email: bortzmeyer+ietf@nic.fr 558 URI: https://www.afnic.fr/ 560 Paul Hoffman 561 ICANN 563 Email: paul.hoffman@icann.org