On Wed, Feb 26, 2014 at 07:41:00PM -0500, Paul Wouters wrote: > seems to agree doing DNSSEC on the host itself (server or in-app) is > still the preferred method.
Is Micorosoft's method still to prefer the AD bit from the server, but use IPSec between the clients and the servers? That would seem to be similar to your concern. Best, A -- Andrew Sullivan [email protected] _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
