Hello, I've reviewed draft-ietf-masque-connect-ip specifically for DNS issues. This is mostly contained in a single section: 4.1: IP Proxy Handling.

In that section a two questions popped up when the 'target' variable is a DNS name and the IP proxy must then perform a DNS lookup:

- Should the IP proxy care about the TTL of the looked up name? I.e. is it OK if the TTL expires? Potentially the DNS name can then point to a different IP address?
- Should the IP Proxy do a DNSSEC lookup or a plain DNS lookup? Should this be configurable or can the IP proxy just not care?

Regards,
Miek