North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: hat tip to .gov hostmasters

  • From: Scott Francis
  • Date: Mon Sep 22 11:47:27 2008

On Mon, Sep 22, 2008 at 8:16 AM, Jason Frisvold <[email protected]> wrote:
> On Mon, Sep 22, 2008 at 11:02 AM, Chris Owen <[email protected]> wrote:
>> Chicken, meet egg.
>>
>> I think the point of the original post is that one end or the other has to
>> start things.  At least we have one US zone doing something on the server
>> end of things.
>
> Oh, agreed, absolutely.  And it's great to see.  However, neither the
> slashdot blurb, nor the NetworkWorld article mention that without a
> valid resolver, there is no guarantee of security.  Sure, they mention
> that vendors are rolling it out and that ISPs should be following
> suit, but no mention is made of the end-user's resolver at all...

the NetworkWorld article (in the printer-friendly version, at least)
has a little table that shows the DNSSEC status of the major vendors.
And support in the resolver library is not strictly necessary, as long
as you trust _your_ (or your ISP's) nameservers.

(not to say that it isn't a good idea, just that it's not requirement
for initial rollout.)
-- 
[email protected]{gmail.com,darkuncle.net} || 0x5537F527
 http://darkuncle.net/pubkey.asc for public key