You don't even need SIG(0) to get the level of security that mDNS provides. And SIG(0) doesn't work right now, because it relies on an older version of DNSSEC keys. Remember the flag day?
On Wed, May 11, 2016 at 8:33 PM, Mark Andrews <[email protected]> wrote:
>
> SIG(0) works fine for DDNS once you have a KEY record installed in
> the DNS.
>
> KEY can be installed on an "add if name does not exist basis" for
> forward zone and add if TCP self (owner name is the matching
> in-addr.arpa/ip6.arpa name of the TCP source address) is true for
> the reverse zones. This requires policy enforcement in the server
> but is doable. Nameservers already have policy rules (e.g. tcp-self
> has existed for years in named). Adding more is not a hard thing
> to do.
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: [email protected]
>
_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet
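
The KEY bootstrap policy described in the quoted message, sketched as an added example (not part of the thread and not named's own code). The function name, the "forward"/"reverse" labels and the sample names are assumptions; it models only the unsigned step that installs a KEY, not SIG(0) verification of later updates.

```python
import ipaddress

def fqdn(name: str) -> str:
    """Normalise an owner name: lower case, exactly one trailing dot."""
    return name.lower().rstrip(".") + "."

def reverse_name(src_addr: str) -> str:
    """in-addr.arpa / ip6.arpa name matching an IPv4 or IPv6 source address."""
    return fqdn(ipaddress.ip_address(src_addr).reverse_pointer)

def allow_unsigned_key_add(zone_kind, owner, rrtype, src_addr, over_tcp, existing):
    """Decide whether an unsigned UPDATE may install a KEY record.

    zone_kind: "forward" or "reverse" (hypothetical labels)
    existing:  owner names already present in the forward zone
    """
    if rrtype != "KEY":
        return False  # this sketch covers the KEY bootstrap only
    owner = fqdn(owner)
    if zone_kind == "forward":
        # "add if name does not exist": the first claimant gets the name,
        # nobody can replace a KEY at a name that is already taken
        return owner not in {fqdn(n) for n in existing}
    if zone_kind == "reverse":
        # TCP self: a UDP source address is spoofable, so require TCP and
        # an owner name equal to the reverse name of that source address
        return bool(over_tcp) and owner == reverse_name(src_addr)
    return False

# Constructed sample data (documentation address ranges, made-up names)
EXISTING = {"printer.home.example."}

if __name__ == "__main__":
    cases = [
        ("forward", "laptop.home.example", "KEY", "192.0.2.10", False),
        ("forward", "printer.home.example", "KEY", "192.0.2.10", False),
        ("reverse", "10.2.0.192.in-addr.arpa", "KEY", "192.0.2.10", True),
        ("reverse", "10.2.0.192.in-addr.arpa", "KEY", "192.0.2.10", False),
        ("reverse", "11.2.0.192.in-addr.arpa", "KEY", "192.0.2.10", True),
    ]
    for zone, owner, rrtype, src, tcp in cases:
        verdict = allow_unsigned_key_add(zone, owner, rrtype, src, tcp, EXISTING)
        print(f"{zone:8} {owner:28} tcp={tcp!s:5} -> {'allow' if verdict else 'refuse'}")
```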
