[dns-operations] security-aware stub resolver
Joe Abley
jabley at ca.afilias.info
Thu May 22 12:57:49 UTC 2008
On 22 May 2008, at 08:53, Tony Finch wrote:
> On Thu, 22 May 2008, Joe Abley wrote:
>>
>> I seem to remember hearing about a DNSSEC plugin for Mozilla
>
> That's on the same site :-)
>
> http://www.nlnetlabs.nl/dnssec/drill_extension.html
Ah, so it is :-)
I suppose the simple answer to "how widely is this used?" can be
derived from "it requires ldns", together with "ldns is not packaged
for Windows".
The impression I have arrived at is that in practical terms there is
no security-aware stub resolver in circulation, and that anybody
interested in failure modes following DNSSEC deployment only needs to
worry about the use-case where a non-security-aware stub resolver is
talking to a non-security-aware resolver, and the case where such a
stub resolver is talking to a validating resolver.
Joe
More information about the dns-operations
mailing list