On 7/13/09 10:08 AM, "Tony Finch" <d...@dotat.at> wrote:

> On Mon, 13 Jul 2009, Livingood, Jason wrote:
>
>> I think we probably also need to address the fact that mail servers
>> should not use resolvers that perform DNS redirect (this was assumed but
>> should be explicit).
>
> I think you need to widen that caveat: anything that isn't a web browser
> should not use a DNS server that misbehaves as described in this draft.
>

How would these servers identify themselves? And should clients believe servers that report they do not send back altered replies?

This might work, but there would need to be a way for DNS resolvers to announce their configuration (e.g. redirect yes/no, DNSSEC yes/no, etc), which isn't available today.

Scott

> Tony.
> --
> f.anthony.n.finch <d...@dotat.at> http://dotat.at/
> GERMAN BIGHT HUMBER: SOUTHWEST 5 TO 7. MODERATE OR ROUGH. SQUALLY SHOWERS.
> MODERATE OR GOOD.
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
>

===================================
Scott Rose
NIST
sco...@nist.gov
ph: +1 301-975-8439
http://www-x.antd.nist.gov/dnssec
http://www.dnsops.gov/
===================================