On May 4, 2009, at 7:01 PM, YAO Jiankang wrote:
it usally locates in the local host as the same as the normal resolver? or it usually locates in recursiver name server or some special host?
Today, it usually doesn't exist. When it does, it is usually located on a recursive server used by multiple hosts.
if it usally locates in the local host as the same as the normal resolver, every machine must be configured at leat one trust anchor. so the local machine need a lot of computing resources to finish the resolving process.
Define 'a lot' in today's terms. I'd argue that the days of CPU/ memory/bandwidth constrained end user devices are long past.
if it usually locates in recursiver name server or some special host, the local host just send a query to that machine. if so, the data transfered between the local lost and the resolver is not secured, we need another mechanism to secure the data transfer.
Yep. See TSIG (or IPSEC if you prefer). Regards, -drc _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
