To: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
Cc: dnsop@cafax.se
From: Alain Durand <Alain.Durand@Sun.COM>
Date: Tue, 15 Jul 2003 05:16:41 -0700
In-reply-to: <200307151133.UAA00746@necom830.hpcl.titech.ac.jp>
Sender: owner-dnsop@cafax.se
Subject: Re: Stepping back on the DNS discovery discussion

On Tuesday, July 15, 2003, at 04:33 AM, Masataka Ohta wrote:

> Alain;
>
>> During yesterday's discussion on DNS discovery
>> we somehow jumped the gun a bit quickly and moved
>> to solution space without really understanding the requirements.
>
> OK. What's wrong if Microsoft run DNS servers at
>
> yourdomain.microsoft.com
>
> and preconfigure keys in their OS for dynamic update?

Not sure I understand how your comment is related to this discussion.... could you please clarify?

>> A) Rob, in his introduction, pointed at a number of functions a node
>> could do when we talk about DNS autoconfiguration. Basically those are:
>> 1- finding a recursive name server
>> 2- finding a search list
>> 3- updating the forward DNS tree
>> 4- updating the reverse DNS tree
>> 5- finding an NTP source for DNSsec signature verification
>>
>> From this list, it seems to me that 1- is critical,
>
> Well known anycast addresses are more than enough for 1.

I agree it works (I wrote the draft ;-). The other suggested solution works too.

>> 5- is important
>
> You should be joking. Where is security?

You need a reasonable clock to verify DNSsec signature.

- Alain.