On Mon, 17 Dec 2018, Wes Hardaker wrote:
cons: - not everyone controls their reverse zone easily, especially for those that don't hold at least a /24 allocation. Ironically, I fall into this camp but still think this is a better solution than a name-based one. - requires more lookups
Your ISP should support Classless Delegations, RFC 2317 https://tools.ietf.org/html/rfc2317 I have deployed this successfully.
- requires the reverse tree for that address be fully signed
That might be tricker, if your upstream ISP does not believe in DNSSEC signing. Paul _______________________________________________ dns-privacy mailing list dns-privacy@ietf.org https://www.ietf.org/mailman/listinfo/dns-privacy