In message <79597e4d-dec0-4622-a410-003b45eb5...@fugue.com>, Ted Lemon writes: > I updated homenet-dot with the change that Mark requested regarding > signed, unsigned and insecure delegations. I believe the text is > correct now, but would appreciate a sanity check. Otherwise, I think > it's up to the chairs to make the next move.
I would explictly list DS home.arpa as a exception. (I had to file a bug report against recursive server that failed to have this exception this week for AS112 zones. The bug has been fixed.) Also I wouldn't be using '.home.arpa.' as we also want to stop queries for 'home.arpa' leaving the home. There are a couple of references to '.home.arpa'. e.g. Old: DNS queries for names ending with '.home.arpa.' are resolved using local resolvers on the homenet. Such queries MUST NOT be recursively forwarded to servers outside the logical boundaries of the homenet. New: DNS queries for names ending with 'home.arpa.' are resolved using local resolvers on the homenet. Such queries MUST NOT be recursively forwarded to servers outside the logical boundaries of the homenet with the exception of DS lookups for 'home.arpa.'. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ homenet mailing list homenet@ietf.org https://www.ietf.org/mailman/listinfo/homenet
