> On 6 Mar 2017, at 21:25, Mark Andrews <marka at isc.org> wrote: > > In reality you can't prevent tlds being enumerated for active domains. Indeed. I said that at the time too. But we ended up with DNSSEC-ter regardless. IMO this was/is utterly pointless security theatre. Sigh.