What record should I use?

Joseph S D Yao jsdy at cospo.osis.gov
Mon Aug 2 16:19:20 UTC 1999


Scott pondered:
> I would like to allow the domains administered by my DNS server to be able to 
> download encryption software, which requires the identification of the 
> recipient as a Canadian/US located computer.  
> 
> How can I do this? Which record should I use?

No DNS records are currently absolutely authenticatable proofs of your
location.  DNS could be spoofed.  Or you could lie.

If you had authenticated "secure DNS", and part of that procedure were
to somehow verify that you were telling the truth, the LOC records (RFC
1876) or GPOS records (RFC 1712) might be usable.  But both are marked
as EXPERIMENTAL protocols.  [I have heard more of LOC than of GPOS.]

In fact, it completely depends on what the server dispensing software
is looking for, and since there is no one standard, you will have to
ask each dispenser of such software what they need.

--
Joe Yao				jsdy at cospo.osis.gov - Joseph S. D. Yao
COSPO/OSIS Computer Support					EMT-B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.


More information about the bind-users mailing list