Hi,

I am the assigned ART reviewer. FWIW I have some familiarity with the DNS 
generally, but this is the first time I've read this draft.

I think the draft is close to ready. Three points:

1. Section 3 says the domain resolver.arpa is used. The only example in the 
document uses a different domain, namely resolver.example.com. As I read 
it, the meaning is only really defined for resolver.arpa. Not sure what 
resolution I prefer here, but I would be happier if the first example were 
obviously compliant, and even happier if the document specifies what 
RESINFO means when returned for other domains. (Nothing, right?)

2. "For example, a DoT server may not want to host an HTTPS server" implies 
that the informational server is hosted by the resolver. I don't like that 
implication and suggest removing the sentence or (better) finding a 
different example.

3. The use of "validate" and "reputation" in the security considerations 
reminds me of RFC 1925 Truth 6. Please excuse my unkind choice of words: 
The paragraph sounds like a more polite version of "some attacker might 
find a way to attack this, but a reputation blackbox will fix that". 
Perhaps an explanation of the problem as you understand it helps. I 
certainly didn't understand the threat.

Arnt