> third, i don't understand why the rule (source address of reply
> has to be equal to the destination of query) is enforced. it may
> have been useful in the past, but with source address spoofing
> getting widely practiced, it provides no protection. the only way
> we can be sure about data integrity is via DNSSEC (so unfortunately,
> we are using untrustable DNS responses every day at this moment).
On a busy caching server the number of outstanding queries can
exceed the ID space. Using a separate ID space per IP address
addresses this issue (except when using forwarders).
Mark
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [EMAIL PROTECTED]
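
The per-address ID space described in the reply above, as an added example that is not part of the original message or of any name server's code: outstanding queries are keyed by (server address, ID), so a reply is matched only when its source address equals the query's destination. The class, its methods and the `id_bits` parameter are hypothetical, and the addresses are constructed documentation-range samples.

```python
import secrets


class PendingQueries:
    """Outstanding queries keyed by (server address, ID). Hypothetical names."""

    def __init__(self, id_bits=16):
        # The DNS message ID is 16 bits; id_bits is an assumption added so the
        # exhaustion case can be shown with a small space.
        self.id_space = 1 << id_bits
        self._pending = {}      # (server_addr, qid) -> qname
        self._per_server = {}   # server_addr -> number of IDs in use

    def send(self, server_addr, qname):
        """Pick an ID that is unique only among queries pending to server_addr."""
        if self._per_server.get(server_addr, 0) >= self.id_space:
            raise RuntimeError("ID space exhausted for " + server_addr)
        while True:
            qid = secrets.randbelow(self.id_space)
            if (server_addr, qid) not in self._pending:
                break
        self._pending[(server_addr, qid)] = qname
        self._per_server[server_addr] = self._per_server.get(server_addr, 0) + 1
        return qid

    def receive(self, source_addr, qid):
        """Return the qname this reply answers, or None when no query with
        this ID is pending to the address the reply came from."""
        qname = self._pending.pop((source_addr, qid), None)
        if qname is not None:
            self._per_server[source_addr] -= 1
        return qname

    def outstanding(self):
        return len(self._pending)


if __name__ == "__main__":
    table = PendingQueries(id_bits=2)          # 4 IDs per server for the demo
    for server in ("2001:db8::1", "2001:db8::2"):
        for i in range(4):
            table.send(server, "host%d.example" % i)
    print("outstanding:", table.outstanding(), "ID space:", table.id_space)
    print("wrong source:", table.receive("2001:db8::bad", 0))
    print("right source:", table.receive("2001:db8::2", 0))
```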