North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: US government mandates? use of DNSSEC by federal agencies
On Wed, 27 Aug 2008 09:53:26 -0700 "Kevin Oberman" <[email protected]> wrote: > > > > So the question I have is... will operators (ISP, etc) turn on > > DNSsec checking? Or a more basic question of whether you even > > _could_ turn on checking if you were so inclined? > > As far as I can see, at least with bind-9.5, operators would have to > turn it off. It looks to me like dnssec-validation defaults to on. It > also appears that bind-9.4 defaults to 'off'. Right. The real questions are the clients and the trust anchor -- what root key do you support? --Steve Bellovin, http://www.cs.columbia.edu/~smb
|