> Question: Is anyone proposing that we can achieve DNS privacy while > maintaining the current practice of the client defaulting to the DNS server > advertised in DHCP?
Yes, cga-tsig *might* be an option but for DHCP security, it is dependent to SAVI-DHCP or any monitoring mechanism in the network. You might want to take a look on section http://tools.ietf.org/html/draft-rafiee-intarea-cga-tsig-11#section-2.1 or wait for revision version for better text. Best, Hosnieh P.S. please don't comment on section 2.2.4, that section need a major revision as it is old. Thanks! _______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
