nanog mailing list archives
Re: US government mandates? use of DNSSEC by federal agencies
From: Jared Mauch <jared () puck nether net>
Date: Wed, 27 Aug 2008 12:33:31 -0400
On Wed, Aug 27, 2008 at 09:22:40AM -0700, Michael Thomas wrote:
Kevin Oberman wrote:Date: Tue, 26 Aug 2008 16:53:24 -0400 From: "Bill Bogstad" <bogstad () pobox com> Not sure what this will actually mean in the long run, but it's at least worth noting. http://www.gcn.com/online/vol1_no1/46987-1.html http://www.whitehouse.gov/omb/memoranda/fy2008/m08-23.pdfIt will mean something in the medium term as '.gov' and '.org' will be signed very soon and OMB might be able to even get the root signed. (Since OMB can pull funding, no one argues with them much.) All of this will increase pressure on Verisign to deal with '.com' and '.net'. Note that this only has an impact on '.gov' and the zones immediately below it, but I suspect most sub-domains of *.gov will be signed as a result of this, even if it is not required.So the question I have is... will operators (ISP, etc) turn on DNSsec checking? Or a more basic question of whether you even _could_ turn on checking if you were so inclined?
I know that we made sure it was turned on as part of our patch process for our customer facing resolvers. IIRC the default may have changed in bind as well if you actually read the changelog. 2405. [cleanup] The default value for dnssec-validation was changed to "yes" in 9.5.0-P1 and all subsequent releases; this was inadvertently omitted from CHANGES at the time. - Jared -- Jared Mauch | pgp key available via finger from jared () puck nether net clue++; | http://puck.nether.net/~jared/ My statements are only mine.
Current thread:
- US government mandates? use of DNSSEC by federal agencies Bill Bogstad (Aug 26)
- Re: US government mandates? use of DNSSEC by federal agencies Kevin Oberman (Aug 26)
- Re: US government mandates? use of DNSSEC by federal agencies Michael Thomas (Aug 27)
- Re: US government mandates? use of DNSSEC by federal agencies Jared Mauch (Aug 27)
- Re: US government mandates? use of DNSSEC by federal agencies David Conrad (Aug 27)
- Re: US government mandates? use of DNSSEC by federal agencies Leo Bicknell (Aug 27)
- Re: US government mandates? use of DNSSEC by federal agencies Michael Thomas (Aug 27)
- Re: US government mandates? use of DNSSEC by federal agencies Kevin Oberman (Aug 27)
- Re: US government mandates? use of DNSSEC by federal agencies Steven M. Bellovin (Aug 27)
- Re: US government mandates? use of DNSSEC by federal agencies Jeroen Massar (Aug 27)
- Re: US government mandates? use of DNSSEC by federal agencies Kevin Oberman (Aug 27)
- Re: US government mandates? use of DNSSEC by federal agencies Jeroen Massar (Aug 27)
- Re: US government mandates? use of DNSSEC by federal agencies David Conrad (Aug 27)
- Re: US government mandates? use of DNSSEC by federal agencies Kevin Oberman (Aug 26)
- Re: US government mandates? use of DNSSEC by federal agencies Michael Thomas (Aug 27)
- Re: US government mandates? use of DNSSEC by federal agencies David Conrad (Aug 27)