Home gateways are typically not recursive resolvers. They're usually just
translators for non-recursive DNS query/responses. Some have forwarding
servers. There might be some that are recursive resolvers, but there are
a lot of good reasons not to put one there, starting with the fact that some
service providers have a nasty habit of running split horizon at their
authoritative resolving servers, and you lose all their lovely additional
differentiating wonderfulness if you bypass their fancy special
star-bellied nameservers and go straight to the root yourself.

On Mon, Nov 17, 2014 at 9:20 PM, Michael Richardson <mcr+i...@sandelman.ca>
wrote:

>
> Andrew Sullivan <a...@anvilwalrusden.com> wrote:
>     > Under DNSSEC, either the CPE has to be in the NS RRset (because
>     > otherwise it would fail validation; but this exposes an NS on the CPE
>     > to the world), or else it's not.  I guess the idea is to answer
>     > authoritatively without being in the NS RRset?  Some resilience
>     > mechanisms will treat that as a hijacking attempt, but I suppose if
>     > validation passes they shouldn't.
>
> The CPE is also often the recursive resolver for the home, so I don't see
> the issue.
>
> --
> ]               Never tell me the odds!                 | ipv6 mesh networks [
> ]   Michael Richardson, Sandelman Software Works        | network architect  [
> ]     m...@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [
>
>
> _______________________________________________
> homenet mailing list
> homenet@ietf.org
> https://www.ietf.org/mailman/listinfo/homenet
>
>


-- 
james woodyatt <j...@nestlabs.com>
Nest Labs, Communications Engineering