Stephane Bortzmeyer <bortzme...@nic.fr> wrote: > > The only place where server authentication could be useful is between > a stub and the first resolver.
I don't think it is as simple as that. There are good reasons for using a recursive resolver that is close to you, e.g. to avoid untrustworthy shared resolvers. However the more people do this the more demand there will be for intercepting iterative queries between resolvers and authorities. You need to authenticate authoritative servers to protect against active interception. Tony. -- f.anthony.n.finch <d...@dotat.at> http://dotat.at/ Hebrides: South or southwest 4 or 5, increasing 6 to gale 8. Moderate or rough, becoming very rough in northwest. Mainly fair. Moderate or good, occasionally poor. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop