On Tue, May 05, 2009 at 10:01:42AM +0800, YAO Jiankang <[email protected]> wrote a message of 16 lines which said:
> it usally locates in the local host as the same as the normal > resolver? You mean stub resolver? Because, on the vast majority of machines, the normal resolver is certainly not "in the local host". > or it usually locates in recursiver name server or some special > host? Both are possible and reasonable and I do not think it would be wise to mandate one specific approach. > if it usally locates in the local host as the same as the normal > resolver, every machine must be configured at leat one trust > anchor. so the local machine need a lot of computing resources to > finish the resolving process. Management of trust anchors is certainly a big issue, computing resources are not for the typical PC, which has so many unused processing power that it must run 3D screensavers to use at least a part of it. > if it usually locates in recursiver name server or some special > host, the local host just send a query to that machine. if so, the > data transfered between the local lost and the resolver is not > secured, we need another mechanism to secure the data transfer. The client and the recursive resolver are often in the same network (for some definition of network, I did not say "in the same LAN") so the security issues are less pressing than in the global Internet. _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
