The talk of the town these days is DNSSEC. I worry about the size of an IDNccTLD + IDNs + DNSSEC responses, leading to a quite exclusive use of TCP. I wander if the related delay, security, documentation, operational aspects have been considered? jfc