[dns-operations] Forgery resilience idea - wildcard cooperative defense
Andrew Sullivan
ajs at commandprompt.com
Thu Aug 7 18:33:35 UTC 2008
I've elided namedroppers@, since this has nothing to do with the protocol
On Thu, Aug 07, 2008 at 01:49:47PM -0400, Brian Dickson wrote:
> ADNS, RDNS, *one* zone + registry, *one* registrar, and the ops procedures
I would be pretty nervous about using DNSSEC in a top level zone that
had only one registrar supporting it. Registrars go out of business,
and 1-1 is 0. It'd be rather bad news if your DNSSEC-enable zone
suddenly couldn't be managed.
A
--
Andrew Sullivan
ajs at commandprompt.com
+1 503 667 4564 x104
http://www.commandprompt.com/
More information about the dns-operations
mailing list