[dns-operations] security-aware stub resolver

Jelte Jansen jelte at NLnetLabs.nl
Thu May 22 13:02:35 UTC 2008

Joe Abley wrote:
> On 22 May 2008, at 07:18, Tony Finch wrote:
> I seem to remember hearing about a DNSSEC plugin for Mozilla, but when  
> I look now all I see is people asking about whether such a thing might  
> exist. Quite possibly I'm looking for the wrong thing.

there's been two things in development for mozilla that i know if; an
actual patch (from Sparta, if memory serves me right), and a simple
extension that calls drill's signature chase mode (which is now part of
ldns). Calling the extension a stub resolver might be too much (it's
more of a proof-of-concept, and because extension cannot interfere with
the actual resolving within mozilla, was pretty easy to circumvent). It
did however make DNSSEC visible (similar to lock/no lock).

Reception wasn't too great on that extension, and i am not aware of
anyone using it. While it's still available if you look hard enough, it
hasn't been updated for a long time, and doesn't work with recent
versions of firefox.

If people want, I could update it, although the initial statement (that
it provides no actual security) would still be true, unless extensions
have gotten a lot more power in Firefox 3.

> Are there any popular applications (in a hoardes-of-hotmail-users
> sense, not in a "all five of us use it regularly and think it's great"
> sense) that use ldns or Net::DNS in such a way that I could call them
> "security-aware stub resolvers"?

I'm not even sure that i can see a reason for anyone in the hotmail
class of users to use something that provides DNSSEC support at this
stage (Chicken, meet Egg).


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20080522/f9019cbf/attachment.sig>

More information about the dns-operations mailing list