In article <caaedzxqz-douclwekiqs4_opdy8wakb_7tpmfkjqtbwx_fa...@mail.gmail.com>
you write:
>-=-=-=-=-=-
>
>Can I ask why you went with resolver-info.arpa instead of
><rev-ip>.{in-addr,ip6}.arpa of the resolver IP to which the query is being
>issued? I think the temp-field2.<stuff> trick still works, and maybe we
>could get DNSSEC validation (IDK about dnssec validation in the rev-ip
>.arpa space).
in-addr.arpa and ip6.arpa are signed as are the zones delegated to the
RIRs. I think that all of the RIRs provide a way to add DS records to
delegatd zones. So in principle DNSSEC in the rDNS should work fine.
There is the practical issue of how much badly written software would
barf with records other than PTR in the rDNS. I've had an MX for a
while in my rDNS zone and it seems to work OK.
Regards,
[email protected].
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
