I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This draft specifies a technique to increase privacy in unencrypted DNS traffic by not specifying a full domain name to the upstream name server.

The security considerations section does exist and does relent that encryption would be a better form of privacy, but would require more coordination. The section also discloses that this protocol does not help in the case of recursive resolvers. I believe that the draft sufficiently describes the limitations of the QNAME minimization method as specified.

General comments:

None.

Editorial comments:

Should QNAME be initially expanded/defined?

s/therefore do not give/therefore not give/

s/improving performances/improving performance/

Shawn.