On 10/11/18 1:56 PM, Tony Finch wrote:
> Apart from the basic mechanics that we have already mentioned, I think the
> interesting question here is how to manage scalability to lots of zones: if
> we publish encryption/authentication information about nameservers in the DNS:
>
> * is it published per server, associated with the server’s canonical name?
>
> * what about in-bailiwick aliases?
>
> * how important is it to avoid replicating this information in every zone
> hosted on the server?
>
> * does it help to use the reverse DNS instead?

This question brings up a topic that would require a fair amount of interchange with DANE. What are the benefits/drawbacks of having DANE records in the reverse tree for each server? There are probably a myriad of issues to work through, but it looks like that would alleviate a fair amount of complexity at the zone level. Still need to think through the gory details...

Brian
_______________________________________________
dns-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dns-privacy
