On 2007-06-15 15:52, RJ Atkinson wrote:

Well, it's possible to do this but IMHO not desirable. For one thing, you would need some sort of distribution point to pull from, and everyone would have to know about it. It's best for that to be a name so that the address can change, but it could just as easily be an address. N.B., as discussed in the draft, this doesn't mean that you need to use it every time. It might be that your neighbor can feed you the database or that you can pull it off of some p2p network, but if you can't you need some place to get it authoritatively.

Earlier, Brian Carpenter wrote:
% Also, this way you remove any security issues associated with DNS,
% and any confusion about IPv4 vs IPv6 connectivity to the servers.
The *only* way to remove potential security issues associated
with DNS is to deploy DNS Security.
Actually, not using DNS at all is another way, which is what I was suggesting for NERD.
But security is the secondary issue; my primary issue is that it creates a potential for a circular dependency of routing on DNS and of DNS on routing, and I don't want Eliot to have to fly round the world rebooting the Internet on the day that circularity bites. I am definitely not satisfied by Eliot's rebuttal of this circularity risk.
Eliot
_______________________________________________
RAM mailing list
RAM at iab.org
https://www1.ietf.org/mailman/listinfo/ram