[dns-operations] [Security] Glue or not glue?
Patrik Fältström
paf at frobbit.se
Mon May 4 07:43:24 UTC 2015
On 4 May 2015, at 9:11, Stephane Bortzmeyer wrote:
> A new edition of the DNS security guide by ANSSI (French cybersecurity agency) recommends to prefer delegations with glue because glueless delegations "may carry additional risks since they create a
> dependency". Is there any other "best practices" text which makes such a recommendation?
>
> http://www.ssi.gouv.fr/entreprise/guide/bonnes-pratiques-pour-lacquisition-et-lexploitation-de-noms-de-domaine/
> (in french only)
Without reading the report, and speaking personally, I prefer a mix of delegations with glue and without to not have dependency of one path in the domain name space to work for resolution to work. Only glue create for me a single point of failure...
Patrik
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 203 bytes
Desc: OpenPGP digital signature
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20150504/8562e030/attachment.sig>
More information about the dns-operations
mailing list