If an authoritative resolver were configured to respond quite slowly
(think slow loris [XXXrefereceXXX]), is it possible to cause a DoS on
the TLS server via complete exhaustion of TCP connections?

Nit: I'd say this is tangential. There are many ways of attempting DoS, with
risks increasing for public servers and/or resolvers. I fail to see why one
would single out this one particular attack approach in this RFC. (BTW, what's
an "authoritative resolver" anyway?)
https://datatracker.ietf.org/doc/review-ietf-dance-architecture-06-dnsdir-early-cunat-2024-07-19/