Dave,

> 1) in the multi-homing case you want requests from a local dns server to be sourced
> from the right network to the right ISP-provided forwarder. (think I have a fix for
> that but it involves abandoning resolv.conf for specific dnsmasq configuration.

I can't quite see how you can do that, given that typically the DNS lookup is done prior to the choice of source address (choice of outgoing link). RFC6731 specifies a policy that can be distributed to hosts (which would typically go in a homenet protocol).

It is unfortunate that in some VPN / walled garden scenarios there is split DNS; if there weren't, this wouldn't have been a problem.

I'm unsure what the right answer is with regard to using recursive resolvers outside of your own administrative domain. DNS forwarders make an attractive target for surveillance.

cheers,
Ole

_______________________________________________
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet