Re: [DNSOP] [homenet] Fwd: WGLC on "redact" and "homenet-dot"

Wed, 14 Dec 2016 20:36:43 -0800 

In message <alpine.osx.2.11.1612142258160.5...@ary.qy>, "John R Levine" writes:
> > I was under the impression that .homenet is handled entirely within the
> > DNS resolver of the Homenet router, which combines:
> >
> >  - an authoritative DNS server for .homenet;
> >  - a hybrid mDNS proxy;
> >  - a recursive DNS resolver for the rest of the namespace.
> 
> So far so good.  The problem is a (largely hypothetical at this point) 
> stub resolver that wants to do DNSSEC verification of the results the 
> router gives it.

Lots of machines already do

        forwarder { list of servers from DHCP; };
        forward only;

automatically and those servers have a DNSSEC validation enabled.
This isn't a hypothetical problem.

Mark

> R's,
> John
> 
> >> On the computers I know, the stub resolver is in one shared library and
> >> the SOCKS proxy is in another.  What's the difference?
> >
> > The SOCKS library uses a completely different data transport (one that is
> > circuit-switched and layered over TCP), with very different capabilities
> > from the usual packet-switched transport.
> 
> Of course, but from the point of view of a SOCKS client, either way it 
> gives it a name and a port, and it gets back a two-way data stream.  If 
> you don't happen to be using a web proxy or ToR, the SOCKS library does 
> essentially nothing.
> 
> > Adding support for mDNS to the stub resolver makes no change to the way 
> > the actual data is pushed around.
> 
> Sure it does -- the .local queries do one thing and the others do another.
> Not unlike with SOCKS the .onion opens do one thing and the others do 
> another.  But this is utterly tangential to the argument about resolvers 
> that might want to do DNSSEC validation of .homenet results.
> 
> _______________________________________________
> homenet mailing list
> home...@ietf.org
> https://www.ietf.org/mailman/listinfo/homenet
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: ma...@isc.org

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to