[dns-operations] security-aware stub resolver

Joe Abley jabley at ca.afilias.info
Thu May 22 12:57:49 UTC 2008

On 22 May 2008, at 08:53, Tony Finch wrote:

> On Thu, 22 May 2008, Joe Abley wrote:
>> I seem to remember hearing about a DNSSEC plugin for Mozilla
> That's on the same site :-)
> http://www.nlnetlabs.nl/dnssec/drill_extension.html

Ah, so it is :-)

I suppose the simple answer to "how widely is this used?" can be  
derived from "it requires ldns", together with "ldns is not packaged  
for Windows".

The impression I have arrived at is that in practical terms there is  
no security-aware stub resolver in circulation, and that anybody  
interested in failure modes following DNSSEC deployment only needs to  
worry about the use-case where a non-security-aware stub resolver is  
talking to a non-security-aware resolver, and the case where such a  
stub resolver is talking to a validating resolver.


More information about the dns-operations mailing list