In message <79597e4d-dec0-4622-a410-003b45eb5...@fugue.com>, Ted Lemon writes:
> I updated homenet-dot with the change that Mark requested regarding
> signed, unsigned and insecure delegations.   I believe the text is
> correct now, but would appreciate a sanity check.   Otherwise, I think
> it's up to the chairs to make the next move.

I would explictly list DS home.arpa as a exception.  (I had to file
a bug report against recursive server that failed to have this
exception this week for AS112 zones.  The bug has been fixed.)  Also
I wouldn't be using '.home.arpa.' as we also want to stop queries
for 'home.arpa' leaving the home.  There are a couple of references
to '.home.arpa'.

e.g.

Old:
   DNS queries for names ending with '.home.arpa.' are resolved using
   local resolvers on the homenet.  Such queries MUST NOT be recursively
   forwarded to servers outside the logical boundaries of the homenet.

New:
   DNS queries for names ending with 'home.arpa.' are resolved using
   local resolvers on the homenet.  Such queries MUST NOT be recursively
   forwarded to servers outside the logical boundaries of the homenet with
   the exception of DS lookups for 'home.arpa.'.

Mark

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: ma...@isc.org

_______________________________________________
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet

Reply via email to