[dns-operations] Forgery resilience idea - wildcard cooperative defense

Andrew Sullivan ajs at commandprompt.com
Thu Aug 7 18:33:35 UTC 2008

I've elided namedroppers@, since this has nothing to do with the protocol

On Thu, Aug 07, 2008 at 01:49:47PM -0400, Brian Dickson wrote:

> ADNS, RDNS, *one* zone + registry, *one* registrar, and the ops procedures 

I would be pretty nervous about using DNSSEC in a top level zone that
had only one registrar supporting it.  Registrars go out of business,
and 1-1 is 0.  It'd be rather bad news if your DNSSEC-enable zone
suddenly couldn't be managed.


Andrew Sullivan
ajs at commandprompt.com
+1 503 667 4564 x104

More information about the dns-operations mailing list