Huitema's assignment of blame is completely incorrect. This is not a subtle issue; there is a fundamental difference between the server knowing addresses and the server not knowing addresses. Let's take his inria.fr example. A cache contacts ns-ext.vix.com, one of the .fr servers, and learns inria.fr NS dns.cs.wisc.edu without the address of dns.cs.wisc.edu. It has to put the query on hold while it looks for the address of dns.cs.wisc.edu. Why doesn't this .fr server provide the address of dns.cs.wisc.edu? Because IT DOES NOT KNOW THE ADDRESS. Huitema is wrong when he says that the current anti-poison mechanism--- clients don't accept .edu records from .fr servers---created this problem. The protocol does not require .fr servers to know the address of dns.cs.wisc.edu! See RFC 1034, end of section 4.2.1. (See also the part of section 5.3.3 that screams yes-we-know-this-design-is-garbage.) Do you think the .fr server should provide the dns.cs.wisc.edu address? That's server-side indirection. It works with current servers and caches if the name is changed from dns.cs.wisc.edu to whatever.ns.inria.fr, as I recommend. The inria.fr server is responsible for copying the address and notifying the .fr server of any changes. Everything works. Of course, with this fix, the name in the NS record serves no purpose. A better protocol would have put the address directly into the NS record: easier for servers, easier for caches, and no reliability problems. These are the same reasons that AAAA is better than A6. ---Dan -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------