>>>>> "PW" == Paul Wouters <[email protected]> writes:
PW> Now for my question. Until we reach 4), what should we do with the AD PW> bit in getaddrinfo() ? PW> A) strip the AD bit in struct addrinfo for "untrusted nameservers". A new PW> configuration mechanism will allow white-listing nameservers and 127.0.0.1 PW> will always be on the whitelist. PW> B) do nothing I've always preferred a local resolver, and with dnssec a local verifier, on every system. If there are systems unable or unwilling to do that, then A is a reasonable compromize until they can and will. -JimC -- James Cloos <[email protected]> OpenPGP: 1024D/ED7DAEA6 _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
