This would be great. Jon Crowcroft told me: two recentish PhDs from here (both went on to xen/citrix) hashed up a SSH and DNS daemons in OCaml - the work was part of aprogramme of research we have here on model-checkable protocols (was a sigcomm paper about the TCP model check a couple of
years back) ....if you are interested see http://github.com/avsm/melange/ This would be better over HIP.Would you have to configure the HIT for the nameserver? Or could it be opertunistic (the first DNS queries unsecured).
Could this be added to hipdnsproxy or would it still be necessary to rebuild the lookup code to involk HIP? I thought about this, as I am running all these services on the one server, and I am seeting the DNS queries going unprotected...