> If the local network is going to work in the absence of connection to
> the Internet (even permanent lack of Internet connectivity as in a low
> power homenet with nothing but local devices powered on - home alarm,
> thermostats, etc), then a local trust anchor is needed as well.

Maybe, not necessarily. If the validating resolver and the authoritative name server are separate entities, then yes; the resolver will need a trust anchor to believe what the authority server says. If they're the same box, though, then it can answer authoritatively for names in ".local" and recursively for everything else, and it would only bother with validation on the recursive answers. (That's how BIND 9 works, anyway; I'm not particularly knowledgeable about other DNS software.)

--
Evan Hunt -- [email protected]
Internet Systems Consortium, Inc.
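
The single-box arrangement described in the message above, sketched as a BIND 9 `named.conf` fragment. This is an added example, not part of the original message or of ISC's documentation; the ACL name, the address ranges (documentation prefixes) and the zone file name are assumptions.

```conf
// Constructed example: one named instance that is authoritative for the
// home zone and a validating recursive resolver for everything else.

// Assumed client ranges (documentation prefixes); replace with the real LAN.
acl homenet {
    localhost;
    192.0.2.0/24;
    2001:db8::/32;
};

options {
    directory "/var/named";

    // Only home clients may query or recurse through this server.
    allow-query     { homenet; };
    recursion       yes;
    allow-recursion { homenet; };

    // Validate answers obtained by recursion, using the built-in
    // root trust anchor. Answers served from this server's own zone
    // data are not passed through the validator.
    dnssec-validation auto;
};

// Served authoritatively from local zone data, so it keeps resolving
// with no upstream connectivity and needs no local trust anchor on
// this server. The zone name follows the message; the file name is assumed.
zone "local" {
    type master;
    file "local.zone";
    allow-update { none; };
};
```

A separate validating resolver, or a validating stub on a client, that queries this server for names in the home zone is the other case in the message and would still need a trust anchor covering that zone.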
