[dns-operations] Where to find "DNS resolution path corruption"?
lutz at iks-jena.de
Wed Feb 20 08:36:15 UTC 2008
* k claffy wrote:
> you folks are making a really strong argument
> that 'dnssec does not solve the real problem'..
There is no technical solution to the social problem, that people leave the
control of their systems to other people.
DNSSEC has advantages:
for admins centralize public key handling (i.e. SSH)
obtain clear diagnostic information instead of nxdomain
for managers be outstanding innovative (using 10 years old technology)
secure the own domain from theft and pharming
for customers if it works, everything is ok
if it don't work, the ISP defeated an attack
DNSSEC has disadvantages:
for admin more work, more to read, new pitfalls to debug
update tools (maintainer has left the company years ago)
for managers if something goes wrong, the whole domain is dead for days
for customers this fucking ISP isn't able to provide Internet
Did I miss something?
More information about the dns-operations