nanog mailing list archives

Re: DNSSEC and SSL

From: Curtis Maurand <cmaurand () xyonet com>
Date: Mon, 23 Aug 2010 11:03:56 -0400

 On 8/22/2010 3:57 PM, Mans Nilsson wrote:

  a DNSSEC capable stub resolver not in the cards?
The best option today is to run a full-service resolver on the host;
which is a tad heavy for most desktops, not to speak about the cache
misses that would cause root server system load. The latter of course
can be avoided by setting forwarders.

OTOH: A thicker stub resolver does indeed exist; lwresd in the BIND
suite. Calling it from applications does however mean using new API
calls; since the traditional resolver API is oblivious to DNSSEC.

PowerDNS resolver.  Very fast, very light.

--Curtis

Current thread:

DNSSEC and SSL ML (Aug 21)
- Re: DNSSEC and SSL Gary Buhrmaster (Aug 21)
- Re: DNSSEC and SSL Mikael Abrahamsson (Aug 21)
  - Re: DNSSEC and SSL ML (Aug 22)
    - Re: DNSSEC and SSL Mans Nilsson (Aug 22)
    - Re: DNSSEC and SSL bmanning (Aug 22)
    - Re: DNSSEC and SSL Wes Hardaker (Aug 23)
    - Re: DNSSEC and SSL Tony Finch (Aug 23)
    - Re: DNSSEC and SSL Curtis Maurand (Aug 23)
    - Re: DNSSEC and SSL Doug Barton (Aug 23)
    - Re: DNSSEC and SSL bmanning (Aug 22)
    - Re: DNSSEC and SSL Tony Finch (Aug 23)
    - Re: DNSSEC and SSL Jakob Schlyter (Aug 23)
- Re: DNSSEC and SSL Jakob Schlyter (Aug 22)
- Re: DNSSEC and SSL Rubens Kuhl (Aug 23)
  - Re: DNSSEC and SSL Barry Shein (Aug 23)