> Perhaps I'm naive but "implementation-specific" would be good enough for > me. > > Consider the case with IPv4. You've manually configured a couple of DNS > servers, then run DHCPv4 to get an address and DNS servers. > > Do you have to specify how to handle the case? > > The latest wins.
The reason this example is naive (well, you asked :-) is when DNSSEC is used the client might have a trust relationship with a particular DNS server (aka recursive resolver) and a secure channel to that resolver. In that case you clearly don't want to replace that manually configured DNS server with the ones the DHCP server tells you to use. But if the client itself does DNSSEC signature validation it would presumably use the best-performing server. Erik -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
