Earlier, Andrew Sullivan wrote: > ...DNSSEC cannot be used for validation with mDNS because > the actual mDNS name is [some string].local., ...
mDNS can, and regularly is, also used to transport DNS information outside the ".local" pseudo-TLD. The mDNS specification explicitly says that mDNS also can be used to carry foo.bar.<some-TLD> records. Whether mDNS happens to be used in that way in a particular deployment appears to depend on local deployment considerations. For example, I have heard about deployments where information about foo.bar.<particular-TLD> is carried by mDNS, for a variety of deployment-specific reasons. When mDNS is being used to transport DNS information that uses an official TLD (either ccTLD or gTLD), rather than "foo.bar.local", then DNSsec can be used to protect that information. My apologies for being insufficiently precise earlier. Yours, Ran _______________________________________________ homenet mailing list [email protected] https://www.ietf.org/mailman/listinfo/homenet
