(no hats) > On Dec 15, 2016, at 12:20 PM, Ted Lemon <mel...@fugue.com> wrote: > > On Dec 15, 2016, at 11:05 AM, Jacques Latour <jacques.lat...@cira.ca > <mailto:jacques.lat...@cira.ca>> wrote: >> Where do you delegate homenet to? Advanced DNSSEC validation may check for >> proper delegation? > > I think we should ask ICANN to set up an unsecured delegation of .homenet to > the AS112 servers. In order for names under .homenet to be validated by > DNSSEC, it would be necessary for the validating resolver to have a trust > anchor for any homenet on which it wants to do validation, and a means of > differentiating between homenets so that it doesn’t use the wrong key to > validate. But that’s out of scope for this discussion: the point of this > discussion is simply to figure out whether we want to do the hard thing or > the easy thing: .homenet or home.arpa.
I suspect that this discussion has shown a certain amount of confusion on the subject of exactly how to make name resolution work as implied by what we know so far about what homenets will need to do, and that it might be beneficial to resolve the question in a way that will allow for relatively easy changes later. Given that any resolver operator who wants to configure their local resolver with special-casing for the homenet default namespace (or any other) can do so, the interesting question is what behavior is expected from the public DNS for queries on the default homenet namespace— and who has to implement it. Which solution (.homenet or .home.arpa) is easier to refine in light of future experience seems fairly obvious to me. Suzanne
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
