Andrew Sullivan <[email protected]> wrote: > Under DNSSEC, either the CPE has to be in the NS RRset (because > otherwise it would fail validation; but this exposes an NS on the CPE > to the world), or else it's not. I guess the idea is to answer > authoritatively without being in the NS RRset? Some resilience > mechanisms will treat that as a ijacking attempt, but I suppose if > validation passes they shouldn't.
The CPE is also often the recursive resolvers for the home, so I don't see the issue. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works | network architect [ ] [email protected] http://www.sandelman.ca/ | ruby on rails [
pgpSVwM6pRde5.pgp
Description: PGP signature
_______________________________________________ homenet mailing list [email protected] https://www.ietf.org/mailman/listinfo/homenet
