end-to-end nym-based security link-level security try to get the root authorities to set up a secure, usable NS-list system have dnscache-conf keep track of copies of dnsroots.global incorporate automatic NS-list upgrades consider dead-server table in dnscache or in kernel IPv6 lookups maybe reverse IPv6 lookups; what a mess DNS over IPv6