Andrew Sullivan <[email protected]> wrote: > Of course, it _has_ to be this way, because the document continues to > recommend that signing happen outside the CPE, and therefore the CPE > can't respond with signed records. Even if signing did happen on the > CPE, there'd be a problem in that the CPE zone and the public zone will > inevitably be different in the case of any NAT. (I know, we're all
What about, in the case where the signing is elsewhere, that the CPE should
be a local secondary for the zone?
> But now I wonder how this is going to work in practice, because there
> are probably going to be some homenet nodes that one does not want to
> have published on the global Internet. Presumably those names one will
> want to access inside the homenet anyway. I suppose we could say "use
> only link-local resolution for those cases", though that of course
Use whatever dnssd WG creates for multi-links.
> driving us was a desire not to have that restriction. Otherwise, the
> CPE has to be a DNS server for some but not all names inside the
> homenet, and a forwarder for the rest of them. That seems a little
> complicated.
dnsmasq does exactly this already.... so running code.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] [email protected] http://www.sandelman.ca/ | ruby on rails [
pgpQwL1XQtbcQ.pgp
Description: PGP signature
_______________________________________________ homenet mailing list [email protected] https://www.ietf.org/mailman/listinfo/homenet
