[dns-operations] security-aware stub resolver

Peter Dambier peter at peter-dambier.de
Thu May 22 11:32:14 UTC 2008

Hi Lutz,

almost sorry to mention dnscache (djbdns) here.

It is not for the unsuspecting enduser, but when we did
have problems with Nordrhein-Westfalen faking DNS-zones
we found out all the djbdns people were imune.

We could turn bind caches into bind resolvers using
no more forwarders but djbdns proofed to be optimum
for journalists.

The only issue occured with people logging into public WLANs.

But we did find out how to connect them too.

Kind regards

Lutz Donnerhacke wrote:
> * Joe Abley wrote:
>> Is anybody aware of an implementation of a security-aware stub  
>> resolver outside of the laboratory? That is, a security-aware stub  
>> resolver that has a noticeable user base in the real world, for any  
>> values of "noticeable" and "real world" that seems sensible to you?
> draft-donnerhacke-sidr-bgp-verification-dnssec heavily rely on such an stup
> resolver in embedded devices like routers. But those are currently
> laboratory developments only.
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.oarci.net
> http://lists.oarci.net/mailman/listinfo/dns-operations

Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Rimbacher Strasse 16
D-69509 Moerlenbach-Bonsweiher
+49(6209)795-816 (Telekom)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter at peter-dambier.de

More information about the dns-operations mailing list