On 11/11/2021 6:49 AM, Ralf Weber wrote:
While the IP address might be a good identifier on where to encrypt to, we recently had a situation where an authoritative server with the same IP did answer just fine for one domain, but did, because the domain was used in an attack earlier, drop all packets if you asked it for another domain. So I think you would need more than just the IP, especially if you are wanting to use signals.
Or, "server" is in fact a cluster of servers behind a load balancer and a single IP. It is not uncommon to see upgrades being rolled out at different times to different servers in the farm. Opportunistic strategies and probing strategies have to deal with that.
-- Christian Huitema
_______________________________________________
dns-privacy mailing list
https://www.ietf.org/mailman/listinfo/dns-privacy
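
The two points raised in this exchange (state keyed on more than the IP, and tolerance for mixed results from a farm behind one address) can be sketched as resolver-side probe bookkeeping. This is an added example, not part of the original messages or of any resolver's code; the class name, thresholds, addresses and zone names are all constructed assumptions.

```python
from dataclasses import dataclass


@dataclass
class ProbeState:
    consecutive_failures: int = 0
    retry_after: float = 0.0  # earliest time to attempt encrypted transport again


class EncryptedTransportCache:
    """Hypothetical probe cache keyed by (server IP, zone), not by IP alone."""

    def __init__(self, fail_threshold=3, base_backoff=60.0, max_backoff=3600.0):
        self.fail_threshold = fail_threshold  # assumed value, tune per deployment
        self.base_backoff = base_backoff      # seconds
        self.max_backoff = max_backoff        # seconds
        self._state = {}

    def _get(self, ip, zone):
        # Normalise the zone so "Example.COM." and "example.com" share one entry.
        key = (ip, zone.lower().rstrip("."))
        return self._state.setdefault(key, ProbeState())

    def should_try_encrypted(self, ip, zone, now):
        return now >= self._get(ip, zone).retry_after

    def record(self, ip, zone, ok, now):
        s = self._get(ip, zone)
        if ok:
            # Any success clears the failure streak for this (IP, zone) pair.
            s.consecutive_failures, s.retry_after = 0, 0.0
            return
        s.consecutive_failures += 1
        # One or two failures may be a single not-yet-upgraded backend behind
        # the load balancer, so back off only after a sustained streak, and
        # only for a bounded time so the pair is re-probed later.
        if s.consecutive_failures >= self.fail_threshold:
            over = s.consecutive_failures - self.fail_threshold
            backoff = min(self.base_backoff * 2 ** over, self.max_backoff)
            s.retry_after = now + backoff


if __name__ == "__main__":
    cache = EncryptedTransportCache()
    ip = "192.0.2.53"  # constructed documentation address
    for t in (0.0, 1.0, 2.0):
        cache.record(ip, "dropped.example", ok=False, now=t)
    print(cache.should_try_encrypted(ip, "dropped.example", now=10.0))
    print(cache.should_try_encrypted(ip, "answered.example", now=10.0))
```
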
