[dns-operations] security-aware stub resolver
Ed.Lewis at neustar.biz
Thu May 22 20:01:23 UTC 2008
At 19:31 +0000 5/22/08, Paul Vixie wrote:
>i think it's important that applications be dnssec aware. i don't know the
>exact signalling used to tell an app that an answer was validated,
I wonder about that, I don't know if I agree after all the water has
gone under the bridge. That's an issue that has dogged us for a long
time. Part of me says that DNSSEC was only about protecting the
DNSSEC transfers across the network. Part of me says that apps ought
to know the quality of the data they use. DNS is sometimes referred
to as infrastructure, lower layer. But it too is an application
layer beast. This is the struggle that lead up to the debacle that
was the SIKED BoF (http://www.ietf.org/proceedings/02mar/165.htm) in
Minneapolis, 2002. Sorry, no info at the link above.
Starting with Berkeley Sockets, we've never had a good API for
feeding back trouble. (How can you tell if it is safe to write()?
You have to do a read() first.) Back in the day, we (during the
TISLabs days) could never agree on the proper return codes for
anything other than the perfect case. Whether or not an app should
know - what could we give it, and what should the app do with it?
Edward Lewis +1-571-434-5468
Never confuse activity with progress. Activity pays more.
More information about the dns-operations