nanog mailing list archives
Re: DNSSEC Best Practices
From: Ca By <cb.list6 () gmail com>
Date: Tue, 27 Apr 2021 15:26:24 -0700
On Tue, Apr 27, 2021 at 12:34 PM Eric Germann via NANOG <nanog () nanog org> wrote:
Does anyone have a pointer to a good resource for current best practices for deployment of DNSSEC, preferably newer than RFC6781? What algorithms do you typically sign with (RSASHA256, ECDSAP256SHA256, both, something other)? Feel free to little r me off list if you wish
Probably best not to deploy it since it does not solve any practical problems, yet makes huge ddos possible via dns reflection attacks.
— Eric Germann ekgermann (at) semperen.com LinkedIn: https://www.linkedin.com/in/ericgermann GPG Fingerprint: 89ED 36B3 515A 211B 6390 60A9 E30D 9B9B 3EBF F1A1
Current thread:
- DNSSEC Best Practices Eric Germann via NANOG (Apr 27)
- Re: DNSSEC Best Practices Arne Jensen (Apr 27)
- Re: DNSSEC Best Practices Mark Tinka (Apr 28)
- Re: DNSSEC Best Practices Tony Finch (Apr 28)
- Re: DNSSEC Best Practices Mark Tinka (Apr 28)
- Re: DNSSEC Best Practices Robert Story (Apr 28)
- Re: DNSSEC Best Practices Arne Jensen (Apr 27)
- Re: DNSSEC Best Practices Ca By (Apr 27)
- Re: DNSSEC Best Practices Mark Tinka (Apr 28)