Apart from the basic mechanics that we have already mentioned, I think the interesting question here is how to manage scalability to lots of zones: if we publish encryption/authentication information about nameservers in the DNS:
* is it published per server, associated with the server’s canonical name?
* what about in-bailiwick aliases?
* how important is it to avoid replicating this information in every zone hosted on the server?
* does it help to use the reverse DNS instead?

Tony.
--
f.anthony.n.finch <[email protected]> http://dotat.at
