On Sep 11, 2020, at 21:34, Robert Edmonds <edmo...@mycre.ws> wrote:
>
> Paul Wouters wrote:
>>> On Sep 11, 2020, at 20:48, Paul Vixie <p...@redbarn.org> wrote:
>>>
>>> On Sat, Sep 12, 2020 at 09:40:11AM +1000, Mark Andrews wrote:
>>>> and why is it an RR type at all. An EDNS option or an opcode is better
>>>> suited for this sort of thing.
>>>
>>> +1.
>>
>> An RR type can be signed and distributed differently and allow for
>> preloading of (distributed) caches which enhanced the decentralization of
>> recursive DNS servers.
>
> As described in -00, a cached and re-distributed AUTHINFO RR is useless
> unless you know what nameserver address it applies to, and if an
> AUTHINFO RR isn't trustworthy unless it's signed then the AUTHINFO RR
> would need to embed the nameserver address that it applies to so that
> that information can be signed and validated as well.
>

Put the RR at each NS name, e.g. _encdns.ns0.nohats.ca.

Paul
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop