On 22 Dec 2010, at 2:11 PM, Ben Campbell wrote:
-- 14, 1st paragraph: "The option to fail-over to Multicast DNS
for names not ending in ".local." SHOULD be a user-configured
option, and SHOULD be disabled by default because of the possible
security issues related to unintended local resolution of
apparently global names."
I have trouble imagining any safe circumstance to enable this.
Can you offer an example?
On an isolated network, or on some future machine that exclusively
uses DNSSEC for all DNS queries, thereby guarding itself against
spoofing.
Some words to that effect in the text would be useful.
Done.
-- Appendix A:
Please describe the conclusions, not just the arguments.
Arguments were made for and against using Multicast on UDP port
53. The arguments for using a different port were greater in
number and more compelling so the final decision was to use UDP
port 5353.
Text to the effect of "...the final decision..." would be helpful
in the draft.
Done.
Section 13 states that something is out of scope for the document.
It's conventional to make such statements early in the document.
For example, if someone was trying to learn how mDNS is used in
service discovery, he might be disappointed to read this far before
he discovers he was in the wrong place.
Moved to introduction.
Stuart Cheshire <cheshire@xxxxxxxxx>
* Wizard Without Portfolio, Apple Inc.
* www.stuartcheshire.org
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf
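Editor's added example, not code from the draft and not text from either participant above. It models the resolver dispatch rule discussed in the first point of the exchange: names ending in ".local." go to Multicast DNS, everything else goes to unicast DNS, and failing a global name over to the local link is off unless an operator turns it on. The unicast server, the local link, the rogue responder and the zone contents are all constructed stand-ins (no sockets are opened); the port constant is the one the thread says the draft settled on.

```python
# Added example, not from the draft or the thread. Models the "fail-over to
# Multicast DNS for names not ending in .local." option as a resolver policy.
# All resolver objects and addresses below are constructed for illustration.
from dataclasses import dataclass, field
from typing import Dict, Optional

MDNS_UDP_PORT = 5353   # port chosen for Multicast DNS per Appendix A discussion
MDNS_DOMAIN = "local"  # the .local. domain owned by Multicast DNS


def is_local_name(name: str) -> bool:
    """True when the last label of NAME is "local", compared case-insensitively
    and with or without the trailing root dot."""
    labels = [label for label in name.lower().rstrip(".").split(".") if label]
    return bool(labels) and labels[-1] == MDNS_DOMAIN


@dataclass
class UnicastDNS:
    """Stand-in for a conventional unicast DNS server: a fixed zone table,
    no answer for anything else (constructed, not a real server)."""
    zone: Dict[str, str] = field(default_factory=dict)

    def query(self, name: str) -> Optional[str]:
        return self.zone.get(name.lower().rstrip("."))


@dataclass
class LocalLink:
    """Stand-in for the multicast link. LEGIT holds hosts that really own a
    .local name; ROGUE, if set, is a host on the same link that answers every
    query with its own address, i.e. the unintended local resolution of an
    apparently global name that the draft warns about."""
    legit: Dict[str, str] = field(default_factory=dict)
    rogue: Optional[str] = None

    def query(self, name: str) -> Optional[str]:
        key = name.lower().rstrip(".")
        if key in self.legit:
            return self.legit[key]
        return self.rogue


@dataclass
class ResolverPolicy:
    # Disabled by default, as the draft says it SHOULD be; only an operator on
    # an isolated network (or one validating everything with DNSSEC) would
    # consider turning it on.
    mdns_failover_for_global_names: bool = False


def resolve(name: str, policy: ResolverPolicy,
            unicast: UnicastDNS, link: LocalLink) -> Optional[str]:
    """Dispatch NAME according to POLICY and return an address or None."""
    if is_local_name(name):
        return link.query(name)          # .local. names always go to multicast
    answer = unicast.query(name)
    if answer is not None:
        return answer
    if policy.mdns_failover_for_global_names:
        return link.query(name)          # the risky fail-over path
    return None                          # fail closed: no local resolution


def demo() -> dict:
    """Constructed scenario: unicast DNS knows one global name, a rogue host
    sits on the local link, and one global name is unknown (mistyped)."""
    unicast = UnicastDNS(zone={"www.example.com": "192.0.2.10"})
    link = LocalLink(legit={"printer.local": "169.254.7.7"},
                     rogue="169.254.66.66")
    default_policy = ResolverPolicy()
    permissive = ResolverPolicy(mdns_failover_for_global_names=True)
    return {
        "global_known": resolve("www.example.com.", default_policy, unicast, link),
        "local_name": resolve("Printer.LOCAL.", default_policy, unicast, link),
        "global_unknown_default": resolve("wwww.example.com", default_policy, unicast, link),
        "global_unknown_failover": resolve("wwww.example.com", permissive, unicast, link),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:24s} -> {value}")
```

With the default policy the unknown global name resolves to nothing, which is the safe outcome; with fail-over switched on, the same lookup is answered by the rogue host on the link, which is the spoofing case the draft's text is guarding against.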