Andrew Sullivan <a...@anvilwalrusden.com> wrote: > Of course, it _has_ to be this way, because the document continues to > recommend that signing happen outside the CPE, and therefore the CPE > can't respond with signed records. Even if signing did happen on the > CPE, there'd be a problem in that the CPE zone and the public zone will > inevitably be different in the case of any NAT. (I know, we're all
What about, in the case where the signing is elsewhere, that the CPE should be a local secondary for the zone? > But now I wonder how this is going to work in practice, because there > are probably going to be some homenet nodes that one does not want to > have published on the global Internet. Presumably those names one will > want to access inside the homenet anyway. I suppose we could say "use > only link-local resolution for those cases", though that of course Use whatever dnssd WG creates for multi-links. > driving us was a desire not to have that restriction. Otherwise, the > CPE has to be a DNS server for some but not all names inside the > homenet, and a forwarder for the rest of them. That seems a little > complicated. dnsmasq does exactly this already.... so running code. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works | network architect [ ] m...@sandelman.ca http://www.sandelman.ca/ | ruby on rails [
pgpQwL1XQtbcQ.pgp
Description: PGP signature
_______________________________________________ homenet mailing list homenet@ietf.org https://www.ietf.org/mailman/listinfo/homenet