North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: hat tip to .gov hostmasters
On Mon, Sep 22, 2008 at 8:16 AM, Jason Frisvold <[email protected]> wrote: > On Mon, Sep 22, 2008 at 11:02 AM, Chris Owen <[email protected]> wrote: >> Chicken, meet egg. >> >> I think the point of the original post is that one end or the other has to >> start things. At least we have one US zone doing something on the server >> end of things. > > Oh, agreed, absolutely. And it's great to see. However, neither the > slashdot blurb, nor the NetworkWorld article mention that without a > valid resolver, there is no guarantee of security. Sure, they mention > that vendors are rolling it out and that ISPs should be following > suit, but no mention is made of the end-user's resolver at all... the NetworkWorld article (in the printer-friendly version, at least) has a little table that shows the DNSSEC status of the major vendors. And support in the resolver library is not strictly necessary, as long as you trust _your_ (or your ISP's) nameservers. (not to say that it isn't a good idea, just that it's not requirement for initial rollout.) -- [email protected]{gmail.com,darkuncle.net} || 0x5537F527 http://darkuncle.net/pubkey.asc for public key
|