On Thu, Sep 27, 2007 at 06:45:55PM -0700,
Paul Hoffman <[EMAIL PROTECTED]> wrote
a message of 36 lines which said:
> It ignores one of the main reasons that many organizations purposely
> choose to provide recursive lookup to the public, namely for their
> own roaming users.
No, it is *not* ignored. See section 4, for instance :
o Use TSIG [RFC2845] or SIG(0) [RFC2931] signed queries to
authenticate the clients. This is a less error prone method,
which allows server operators to provide service to clients who
change IP address frequently (e.g. roaming clients).
VPN are another solution, although not mentioned in the I-D, may be
because it is obvious.
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www1.ietf.org/mailman/listinfo/dnsop
