In message <[email protected]>
Evan Hunt writes:
 
> > If the local network is going to work in the absence of connection to
> > the Internet (even permanent lack of Internet connectivity as in a low
> > power homenet with nothing but local devices powered on - home alarm,
> > thermostats, etc), then a local trust anchor is needed as well.
>  
> Maybe, not necessarily.
>  
> If the validating resolver and the authoritative name server are separate
> entities, then yes; the resolver will need a trust anchor to believe what
> the authority server says.
>  
> If they're the same box, though, then it can answer authoritatively for
> names in ".local" and recursively for everything else, and it would only
> bother with validation on the recursive answers.  (That's how BIND 9 works,
> anyway; I'm not particularly knowledgeable about other DNS software.)


A local trust anchor is needed for the isolated network with more than
one router.  This is true for address allocation and routing if they
are authenticated (they should be IMHO), and for DNSSEC if used.

Curtis
_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet
