Hi Andrew,
At 02:52 04-03-2014, Andrew Sullivan wrote:
> Since we're all wandering around with a DNS cache on our laptops any
> more, you could easily get an answer back from (say) the homenet DNS
> with the DNSKEY record.  You will cache it.
>
> If you then go to some other network, you will try to validate with
> that DNSKEY that you have cached (until it expires).  If you then
> query for some resource inside the homenet for a record you don't
> already have cached, you'll need to be able to validate it; so it
> needs to be validatable using that same cached key record.  If it's
> not, then the data will validate bogus and you'll fail to connect.

That's an interesting case. I did not think of it. If I understood correctly, the answer in the DNS cache would be for a non-global resource. There is no longer an assumption of uniqueness. As a local decision I would use low TTLs [1].

Regards,
-sm

1. I gave some thought to the state of connectivity in future. I suspect that there would be edge cases. I don't know whether it is worth discussing those cases.
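As an added illustration of the roaming case Andrew describes and the low-TTL mitigation sm proposes (example code written for this page, not from either poster): a toy stub resolver caches a zone's key for its TTL and validates later answers with it. HMAC stands in for DNSSEC signatures, and the zone name, keys and addresses are constructed placeholders.

```python
import hashlib
import hmac

ZONE = "home.example"  # constructed placeholder for a homenet-local zone name


def sign(key, name, rdata):
    """Toy stand-in for an RRSIG: HMAC over the record with the zone key."""
    return hmac.new(key, f"{name}|{rdata}".encode(), hashlib.sha256).hexdigest()


class Network:
    """One network's authoritative view of the local zone (key plus hosts)."""

    def __init__(self, key, hosts):
        self.key = key        # plays the role of the zone's DNSKEY
        self.hosts = hosts    # name -> address, constructed sample data

    def query(self, name):
        rdata = self.hosts[name]
        return rdata, sign(self.key, name, rdata)


class StubResolver:
    """Validating stub that keeps the zone key until its TTL expires."""

    def __init__(self):
        self.key_cache = {}   # zone -> (key, expiry time in seconds)

    def zone_key(self, network, now, ttl):
        cached = self.key_cache.get(ZONE)
        if cached and cached[1] > now:
            return cached[0]                  # still trusted: reuse it
        self.key_cache[ZONE] = (network.key, now + ttl)   # (re)fetch DNSKEY
        return network.key

    def resolve(self, network, name, now, ttl):
        key = self.zone_key(network, now, ttl)
        rdata, sig = network.query(name)
        if hmac.compare_digest(sig, sign(key, name, rdata)):
            return "secure", rdata
        return "bogus", None                  # signed with a key we do not hold


def scenario(dnskey_ttl):
    """Laptop learns the key at home, then roams 10 minutes later to another
    network that serves the same local zone name with a different key."""
    home = Network(b"home-key", {f"nas.{ZONE}": "192.0.2.10"})
    other = Network(b"other-key", {f"nas.{ZONE}": "192.0.2.77"})
    r = StubResolver()
    at_home = r.resolve(home, f"nas.{ZONE}", 0, dnskey_ttl)
    roamed = r.resolve(other, f"nas.{ZONE}", 600, dnskey_ttl)
    return at_home[0], roamed[0]
```

With a day-long DNSKEY TTL the second lookup validates bogus; with a 60-second TTL the stale key has expired and is refetched from the new network.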
_______________________________________________
homenet mailing list
https://www.ietf.org/mailman/listinfo/homenet