On Thu, Oct 22, 2015 at 02:18:42PM +0200,
Witold Kręcicki <[email protected]> wrote
a message of 67 lines which said:
> Because that would require an unencrypted query to the zone NS to get
> the zone key
...
> This approach is mostly for recursive servers - and those as mostly
> managed by owners of the net block. An alternative for recursive servers
> is a hardcoded key in eg. /etc/resolv.conf.
I think that this rationale should go into the draft, in a separate
section, to limit repeated discussions (I already reported privately
the problem with {in-addr,ip6}.arpa...)
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
