nanog mailing list archives
Re: hat tip to .gov hostmasters
From: Florian Weimer <fweimer () bfk de>
Date: Mon, 22 Sep 2008 17:13:25 +0200
* Simon Vallet:
I'm not much up on DNSSEC, but don't you need to be using a resolver that recognizes DNSSEC in order for this to be useful?You do -- and last time I checked few native resolvers actually did : glibc doesn't, and I'd be surprised if the Windows resolver does
Windows doesn't. To my knowledge, there aren't any deployed valdiating, security-aware stub resolvers. Your best bet is to run BIND or Unbound locally with appropriate trust anchors, and use that as the system's resolver. With modern LRU-based caches which are efficient even at smallish sizes, this isn't much of a problem. -- Florian Weimer <fweimer () bfk de> BFK edv-consulting GmbH http://www.bfk.de/ Kriegsstraße 100 tel: +49-721-96201-1 D-76133 Karlsruhe fax: +49-721-96201-99
Current thread:
- Re: hat tip to .gov hostmasters, (continued)
- Re: hat tip to .gov hostmasters bmanning (Sep 22)
- Re: hat tip to .gov hostmasters David Conrad (Sep 22)
- Re: hat tip to .gov hostmasters David Conrad (Sep 22)
- Re: hat tip to .gov hostmasters Simon Vallet (Sep 22)
- Re: hat tip to .gov hostmasters Chris Owen (Sep 22)
- Re: hat tip to .gov hostmasters Simon Vallet (Sep 22)
- Re: hat tip to .gov hostmasters Jason Frisvold (Sep 22)
- Re: hat tip to .gov hostmasters Michael Thomas (Sep 22)
- Re: hat tip to .gov hostmasters Scott Francis (Sep 22)
- RE: hat tip to .gov hostmasters Frank Bulk (Sep 23)
- Re: hat tip to .gov hostmasters Florian Weimer (Sep 22)
- Re: hat tip to .gov hostmasters bmanning (Sep 22)
- Re: hat tip to .gov hostmasters Kevin Oberman (Sep 22)
- Re: hat tip to .gov hostmasters Stephen Sprunk (Sep 22)
- RE: hat tip to .gov hostmasters Lindley James R (Sep 22)