On Thu, Sep 27, 2007 at 06:45:55PM -0700, Paul Hoffman <paul.hoffman@xxxxxxxx> wrote a message of 36 lines which said: > It ignores one of the main reasons that many organizations purposely > choose to provide recursive lookup to the public, namely for their > own roaming users. No, it is *not* ignored. See section 4, for instance : o Use TSIG [RFC2845] or SIG(0) [RFC2931] signed queries to authenticate the clients. This is a less error prone method, which allows server operators to provide service to clients who change IP address frequently (e.g. roaming clients). VPN are another solution, although not mentioned in the I-D, may be because it is obvious. _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf