On 07/24/2018 09:08 AM, Petr Špaček wrote:
I would recommend you to use subdomain of your public domain.
Agreed. The alternative might be to use a different public domain.
Nice thing is that this approach doesn't require: - views - forwarding - explicit trust anchor (if you want DNSSEC inside internal network)
Public (sub)domain(s) also make it easier to use external / 3rd party CAs. - Rather I've found it difficult to use private / non-public (sub)domain(s) when using public CAs.
-- Grant. . . . unix || die
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
