On Tuesday, July 15, 2003, at 04:33 AM, Masataka Ohta wrote:
Alain;
During yesterday's discussion on DNS discovery we somehow jumped the gun a bit quickly and moved to solution space without really understanding the requirements.
OK. What's wrong if microsoft run DNS servers at
yourdomain.microsoft.com
and preconfigure keys in their OS for dynamic update?
Not sure I understand how your comment is related to this discussion.... could you please clarify?
A) Rob, in his introduction, pointed at a number a functions a node could do when we talk about DNS autoconfiguration. Basically those are: 1- finding a recursive name server 2- finding a search list 3- updating the forward DNS tree 4- updating the reverse DNS tree 5- finding a NTP source for DNSsec signature verification
From this list, it seems to me that 1- is critical,
Well known anycast addresses are more than enough for 1.
I agree it works (I wrote the draft ;-). The other suggested solution works too.
5- is important
You should be joking. Where is security?
You need a reasonable clock to verify DNSsec signature.
- Alain.
#---------------------------------------------------------------------- # To unsubscribe, send a message to <[EMAIL PROTECTED]>.
