nanog mailing list archives

Re: DNSSEC and SSL

From: bmanning () vacation karoshi com
Date: Sun, 22 Aug 2010 21:34:02 +0000

On Sun, Aug 22, 2010 at 09:11:43AM -0400, ML wrote:

On 8/22/2010 2:38 AM, Mikael Abrahamsson wrote:

No, because DNSSEC isn't secured all the way from the DNS server to the
application, only to the resolver. Both systems have problems, I'd
imagine the best security is when they work together.


Is a DNSSEC capable stub resolver not in the cards?


        yes it is. unbound was originally designed for that very niche.

--bill

Current thread:

DNSSEC and SSL ML (Aug 21)
- Re: DNSSEC and SSL Gary Buhrmaster (Aug 21)
- Re: DNSSEC and SSL Mikael Abrahamsson (Aug 21)
  - Re: DNSSEC and SSL ML (Aug 22)
    - Re: DNSSEC and SSL Mans Nilsson (Aug 22)
    - Re: DNSSEC and SSL bmanning (Aug 22)
    - Re: DNSSEC and SSL Wes Hardaker (Aug 23)
    - Re: DNSSEC and SSL Tony Finch (Aug 23)
    - Re: DNSSEC and SSL Curtis Maurand (Aug 23)
    - Re: DNSSEC and SSL Doug Barton (Aug 23)
    - Re: DNSSEC and SSL bmanning (Aug 22)
    - Re: DNSSEC and SSL Tony Finch (Aug 23)
    - Re: DNSSEC and SSL Jakob Schlyter (Aug 23)
- Re: DNSSEC and SSL Jakob Schlyter (Aug 22)
- Re: DNSSEC and SSL Rubens Kuhl (Aug 23)
  - Re: DNSSEC and SSL Barry Shein (Aug 23)