The problem is aggravated by "anti-poison" protections that
essentially prevent serving cached records from domains for which
the local server is not authoritative.
With DNSSEC and signed entries, it doesn't matter who gives you the
data, it's who signs it..
I haven't looked at it that closely but it would seem at first glance
that appropriate use of SIG records could allow for some relaxation of
the "anti-poisoning" checks (though SIG's are somewhat bulky).
- Bill
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
- The case against A6 and DNAME D. J. Bernstein
- Re: The case against A6 and DNAME Ignatios Souvatzis
- Re: The case against A6 and DNAME David Harmelin
- Re: The case against A6 and DNAME David Harmelin
- Re: The case against A6 and DNAME D. J. Bernstein
- Re: The case against A6 and DNAME Ian Jackson
- Re: The case against A6 and DNAME Matt Crawford
- RE: The case against A6 and DNAME Jim . Bound
- RE: The case against A6 and DNAME Christian Huitema
- The cost of signing records Bill Sommerfeld
- The cost of signing records D. J. Bernstein
- Re: The case against A6 and DNAME Nathan Lutchansky
- Re: The case against A6 and DNAME Matt Crawford
- RE: The case against A6 and DNAME Jim . Bound
- Re: The case against A6 and DNAME D. J. Bernstein
- Re: The case against A6 and DNAME D. J. Bernstein
- RE: The case against A6 and DNAME Jim . Bound
- Re: The case against A6 and DNAME JIM FLEMING
- RE: The case against A6 and DNAME David R. Conrad
- Re: The case against A6 and DNAME D. J. Bernstein
