On 25 Sep 2019, at 18:18, Warren Kumari <[email protected]> wrote:

> Yes, the best practice and advice is to choose something random, but
> network engineers are humans too, and if you had to remember and try
> tell someone over the phone to use fd5a:8109:a679:180a:45d3:d653:22:1
> or fd00:1::1 as the default gateway, which would you rather do?

You could choose something random then give the end-user a DNSSEC-signed DNS name instead of the address. So long as they are using a centralised resolver service with a long enough privacy policy, a different address family to do the resolution over and the operating system uses DoH by default, security is guaranteed and end-users gain the reliability of having large companies responsible for communicating their local network parameters instead of unreliable local technicians who are invariably up to no good.

All we need is the universal deployment of IPv6, DNSSEC and DoH.

Joe

_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
