In message <3fe7bc511a990b0288b645dc176e1ef3.1504515...@squirrel.mail>, "Walter H." writes: > On Mon, September 4, 2017 10:26, Jim Reid wrote: > > > >> On 4 Sep 2017, at 07:12, Walter H. <walte...@mathemainzel.info> wrote: > >> > >> by the way: why are you discussing about DNSSEC for names that are used > >> only locally? > > > > Why do you seem to assume there are never, ever any DNS security issues on > > the local net? > > when there are troubles on the local net, DNS security issues are the less > problem ... > > I'd say: "either you trust the local net or not"; > > > Why would someone want to deliberately configure things to prevent > > DNSSEC-aware applications and resolvers from working on the local net? > > because of its strange signature procedure: a zone doesn't have to be > resigned, when it changes ...
And no one said you have to use DNSSEC to sign any zone. The discussion is around making DNSSEC validating software work without having to update all of it to support people using home.arpa. That's starts by having a delegation for home.arpa. Mark > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
