It appears that Petr � pa� ek <[email protected]> said: >This is provably incorrect. 10.in-addr.arpa is an insecure delegation >which with network-dependent content, and it works for decades. ...
I dunno about you, but on all the systems I use the local cache substitutes a stub for 10.in-addr.arpa so it doesn't matter what the global DNS says. We seem to have a fairly basic religious difference of opinion here. Some of us believe that adding an opt-out in the root will make all DNSSSEC validators work, or if not all, enough to declare the problem solved. Others of us observe that our DNS software has already has special cases for locally served zones, they do not depend on what's in the global DNS, and and we believe that putting something in the global DNS for .INTERNAL will be confusing and won't solve real problems. I don't see any way to reconcile those. R's, John
_______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
