Mark Andrews <[email protected]> writes: > Actually DNSSEC could give you the key of the resolver securely > provided it has a public address. Publish a KEY record signed in > the DNS under in-addr.arpa or ip6.arpa. If need to we define flag > bits to say it is for this purpose. For private addresses you need > to have a trust anchor for the private part of the reverse tree or > use leap of faith.
Yes, that's what I was saying... I was just following it by "there are a huge number of private-address resolvers in the real world". -- Wes Hardaker Parsons _______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
